Solving Compressed Right Hand Side Equation Systems with Linear Absorption

  • Thorsten Ernst Schilling
  • Håvard Raddum
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7280)


In this paper we describe an approach for solving complex multivariate equation systems related to algebraic cryptanalysis. The work uses the newly introduced Compressed Right Hand Sides (CRHS) representation, where equations are represented using Binary Decision Diagrams (BDD). The paper introduces a new technique for manipulating a BDD, similar to swapping variables in the well-known sifting-method. Using this technique we develop a new solving method for CRHS equation systems. The new algorithm is successfully tested on systems representing reduced variants of Trivium.


multivariate equation system BDD algebraic cryptanalysis Trivium 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Schilling, T.E., Raddum, H.: Analysis of trivium using compressed right hand side equations. In: 14th International Conference on Information Security and Cryptology, Seoul, Korea, November 30-December 2. LNCS (2011)Google Scholar
  2. 2.
    Rudell, R.: Dynamic variable ordering for ordered binary decision diagrams. In: Proceedings of the 1993 IEEE/ACM International Conference on Computer-aided Design, vol. 12, pp. 42–47 (1993)Google Scholar
  3. 3.
    Cannière, C.D., Preneel, B.: Trivium specifications. ECRYPT Stream Cipher Project (2005)Google Scholar
  4. 4.
    Akers, S.B.: Binary decision diagrams. IEEE Transactions on Computers 27(6), 509–516 (1978)MATHCrossRefGoogle Scholar
  5. 5.
    Somenzi, F.: Binary decision diagrams. In: Calculational System Design. NATO Science Series F: Computer and Systems Sciences, vol. 173, pp. 303–366. IOS Press (1999)Google Scholar
  6. 6.
    Krause, M.: BDD-Based Cryptanalysis of Keystream Generators. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 222–237. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Stegemann, D.: Extended BDD-Based Cryptanalysis of Keystream Generators. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 17–35. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Raddum, H.: MRHS Equation Systems. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 232–245. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Raddum, H., Semaev, I.: Solving multiple right hand sides linear equations. Designs, Codes and Cryptography 49(1), 147–160 (2008)MathSciNetMATHCrossRefGoogle Scholar
  10. 10.
    Schilling, T.E., Raddum, H.: Solving Equation Systems by Agreeing and Learning. In: Hasan, M.A., Helleseth, T. (eds.) WAIFI 2010. LNCS, vol. 6087, pp. 151–165. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Shannon, C.E.: The synthesis of two-terminal switching circuits. Bell Systems Technical Journal 28, 59–98 (1949)MathSciNetGoogle Scholar
  12. 12.
    McDonald, C., Charnes, C., Pieprzyk, J.: Attacking Bivium with MiniSat. eSTREAM, ECRYPT Stream Cipher Project, Report 2007/040 (2007),

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Thorsten Ernst Schilling
    • 1
  • Håvard Raddum
    • 1
  1. 1.Selmer CenterUniversity of BergenNorway

Personalised recommendations