Advertisement

The ANF of the Composition of Addition and Multiplication mod 2n with a Boolean Function

  • An Braeken
  • Igor Semaev
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3557)

Abstract

Compact formulas are derived to represent the Algebraic Normal Form (ANF) of \(f(\bar{x} + \bar{a}~mod~2^{n})\) and \(f(\bar{x} \times \bar{a}~mod~2^{n})\) from the ANF of f, where f is a Boolean function on \(\mathbb{F}^{n}_{2}\) and \(\bar{a}\) is a constant of \(\mathbb{F}^{n}_{2}\). We compare the algebraic degree of the composed functions with the algebraic degree of the original function f. As an application, the formula for addition modulo 2 n is applied in an algebraic attack on the summation generator and the E 0 encryption scheme in the Bluetooth keystream generator.

References

  1. 1.
    Armknecht, F.: A Linearization Attack on the Bluetooth Key Stream Generator, Cryptology ePrint Archive, Report 2002/191 (2002), http://eprint.iacr.org/2002/191
  2. 2.
    Armknecht, F., Krause, M.: Algebraic attacks on combiners with memory. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 162–175. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Bluetooth SIG, Specification of the Bluetooth System, Version 1.1, 1 Feburary 22 (2001), available at http://www.bluetooth.com
  4. 4.
    Bailey, D.H., Lee, K., Simon, H.D.: Using Strassen’s Algorithm to Accelerate the Solution of Linear Systems. J. of Supercomputing 4, 357–371 (1990)CrossRefGoogle Scholar
  5. 5.
    Courtois, N.: Higher order correlation attacks,XL algorithm and cryptanalysis of toyocrypt. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 182–199. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Courtois, N., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Courtois, N., Klimov, A., Patarin, J., Shamir, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Courtois, N.: Fast algebraic attacks on stream ciphers with linear feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Courtois, N.: Algebraic Attacks on Combiners with memory and Several Outputs, eprint archive, 2003/125Google Scholar
  10. 10.
    Courtois, N., Pieprzyk, J.: Cryptanalysis of block ciphers with overdefined systems of equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Joux, A., Faugére, J.-C.: Algebraic cryptanalysis of hidden field equation (HFE) cryptosystems using gröbner bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)Google Scholar
  12. 12.
    Cusick, T.W., Ding, C., Renvall, A.: Stream Ciphers and Number Theory. Elsevier, Amsterdam (1998)MATHGoogle Scholar
  13. 13.
    Ding, C.: The Differential Cryptanalysis and Design of the Natural Stream Ciphers. In: Anderson, R. (ed.) FSE 1993. LNCS, vol. 809, pp. 101–115. Springer, Heidelberg (1994)Google Scholar
  14. 14.
    Ferguson, N., Whiting, D., Schneier, B., Kelsey, J., Lucks, S., Kohno, T.: Helix: Fast encryption and authentication in a single cryptographic primitive. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 345–362. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Klimov, A., Shamir, A.: New cryptographic primitives based on multiword T-functions. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 1–15. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Klapper, A., Goresky, M.: Cryptanalysis based on 2-adic rational approximation. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 262–273. Springer, Heidelberg (1995)Google Scholar
  17. 17.
    Lee, D.H., Kim, J., Hong, J., Han, J.W., Moon, D.: Algebraic attacks on summation generators. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 34–48. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  18. 18.
    Lee, H., Moon, S.: On an Improved Summation Generator with 2-bit Memory. Signal Processing 80, 211–217 (2000)MATHCrossRefGoogle Scholar
  19. 19.
    Lee, H., Moon, S.: Parallel Stream Cipher for Secure High-Speed Communications. Signal Processing 82, 259–265 (2002)MATHCrossRefGoogle Scholar
  20. 20.
    Massey, J.L.: SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm. In: Fast Software Encryption, Cambridge Security Workshop Proceedings, pp. 1–17. Springer, Heidelberg (1994)Google Scholar
  21. 21.
    Meier, W., Staffelbach, O.: Correlation Properties of Combiners with Memory in Stream Cipher. Journal of Cryptology 5, 67–86 (1992)MATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    Lai, X., Massey, J.L.: A proposal for a new block encryption standard. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 389–404. Springer, Heidelberg (1991)Google Scholar
  23. 23.
    Newman, D.J.: Analytic Number Theory. Springer, New York (1998)MATHGoogle Scholar
  24. 24.
    Rose, G., Hawkes, P.: Turing: A fast stream cipher. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 307–324. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  25. 25.
    Rueppel, R.A.: Correlation immunity and the summation generator. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 260–272. Springer, Heidelberg (1986)Google Scholar
  26. 26.
    Schneier, B.: Applied Cryptography. Wiley, New York (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • An Braeken
    • 1
  • Igor Semaev
    • 2
  1. 1.Department Electrical Engineering, ESAT/COSICKatholieke Universiteit LeuvenHeverlee-LeuvenBelgium
  2. 2.Selmer Center, Inst. for InformatikkUniversity of BergenBergenNorway

Personalised recommendations