Computing the Algebraic Immunity Efficiently

  • Frédéric Didier
  • Jean-Pierre Tillich
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4047)


The purpose of algebraic attacks on stream and block ciphers is to recover the secret key by solving an overdefined system of multivariate algebraic equations. They become very efficient if this system is of low degree. In particular, they have been used to break stream ciphers immune to all previously known attacks. This kind of attack tends to work when certain Boolean functions used in the ciphering process have either low degree annihilators or low degree multiples. It is therefore important to be able to check this criterion for Boolean functions. We provide in this article an algorithm of complexity \(O \left( m^d\right)\) (for fixed d) which is able to prove that a given Boolean function in m variables has no annihilator nor multiple of degree less than or equal to d. This complexity is essentially optimal. We also provide a more practical algorithm for the same task, which we believe to have the same complexity. This last algorithm is also able to output a basis of annihilators or multiples when they exist.


Algebraic attacks Algebraic immunity Stream ciphers Boolean functions Annihilator Low degree multiple 


  1. [Arm04]
    Frederik Armknecht. On the existence of low-degree equations for algebraic attacks. 2004. Scholar
  2. [BP05]
    Braeken, A., Preneel, B.: On the algebraic immunity of symmetric Boolean functions (2005),
  3. [Car04]
    Carlet, C.: Improving the algebraic immunity of resilient and nonlinear functions and constructing bent functions (2004),
  4. [CDG05]
    Courtois, N., Debraize, B., Garrido, E.: On exact algebraic [non-]immunity of S-boxes based on power functions. Cryptology ePrint Archive, Report 2005/203 (2005),
  5. [CM03]
    Courtois, N., Meier, W.: Algebraic attacks on stream ciphers with linear feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 346–359. Springer, Heidelberg (2003)Google Scholar
  6. [Cou03]
    Courtois, N.: Fast algebraic attacks on stream ciphers with linear feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003)Google Scholar
  7. [CP02]
    Courtois, N., Pieprzyk, J.: Cryptanalysis of block ciphers with overdefined systems of equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002),
  8. [DGM04]
    Dalai, D.K., Gupta, K.C., Maitra, S.: Results on algebraic immunity for cryptographically significant Boolean functions. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 92–106. Springer, Heidelberg (2004)Google Scholar
  9. [Did05]
    Didier, F.: A new bound on the block error probability after decoding over the erasure channel. IEEE IT (July 2005) Submited to,
  10. [DMS05]
    Dalai, D.K., Maitra, S., Sarkar, S.: Basic theory in construction of Boolean functions with maximum possible annihilator immunity (2005),
  11. [FA03]
    Faugére, J.-C., Ars, G.: An algebraic cryptanalysis of nonlinear filter generator using Gröbner bases. Rapport de Recherche INRIA, 4739 (2003)Google Scholar
  12. [MPC04]
    Meier, W., Pasalic, E., Carlet, C.: Algebraic attacks and decomposition of Boolean functions. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 474–491. Springer, Heidelberg (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Frédéric Didier
    • 1
  • Jean-Pierre Tillich
    • 1
  1. 1.INRIA RocquencourtProjet CODESLe Chesnay

Personalised recommendations