Establishing Equations: The Complexity of Algebraic and Fast Algebraic Attacks Revisited

  • Lin JiaoEmail author
  • Bin Zhang
  • Mingsheng Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7807)


Algebraic and fast algebraic attacks have posed serious threats to some deployed LFSR-based stream ciphers. Previous works on this topic focused on reducing the time complexity by lowering the degree of the equations, speeding up the substitution step by Fast Fourier Transform and analysis of Boolean functions exhibiting the optimal algebraic immunity. All of these works shared and overlooked a common base, i.e., establishing an adequate equation system first, which actually in some cases dominates the time or memory complexity if the direct methods are used, especially in fast algebraic attacks. In this paper, we present a complete analysis of the establishing equation procedure and show how the Frobenius form of the monomial state rewriting matrix can be applied to considerably reduce the complexity of this step.


Algebraic attack Stream cipher Establishing equations Coefficient sequence 



We would like to thank anonymous referees for their helpful comments and suggestions, especially a reviewer of Asiacrypt 2013. This work was supported by the National Grand Fundamental Research 973 Program of China (Grant No. 2013CB338002, No. 2013CB834203), the Strategic Priority Research Program of the Chinese Academy of Sciences (Grant No. XDA06010701), IIE’s Research Project on Cryptography (Grant No. Y3Z0016102) and the programs of the National Natural Science Foundation of China (Grant Nos. 61379142, 60833008, 60603018, 61173134, 91118006, 61272476). Supported by the National Natural Science Foundation of China under Grant No. 91118006, the National Grand Fundamental Research 973 Program of China under Grant No. 2013CB338003.


  1. 1.
    Armknecht, F.: Improving fast algebraic attacks. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 65–82. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. 2.
    Armknecht, F., Krause, M.: Algebraic attacks on combiners with memory. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 162–175. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Bluetooth SIG. Specification of the Bluetooth system, version 1.1 (2001).
  4. 4.
    Braeken, A., Lano, J., Mentens, N., Preneel, B., Verbauwhede, I.: Sfinks specification and source code, available on ecrypt stream cipher project page, April 2005.
  5. 5.
    Courtois, N.T.: Fast algebraic attacks on stream ciphers with linear feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Hawkes, P., Rose, G.G.: Rewriting variables: the complexity of fast algebraic attacks on stream ciphers. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 390–406. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  7. 7.
    Courtois, N., Meier, W.: Algebraic attacks on stream ciphers with linear feedback. In: Biham, E. (ed.) Advances in Cryptology - EUROCRYPT 2003. Lecture Notes in Computer Science, vol. 2656, pp. 345–359. Springer, Berlin Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Hawkes, P., Rose, G.: Primitive specification and supporting documentation for Sober-t32 submission to nessie. In: Proceedings of the First Open NESSIE Workshop, pp. 13–14 (2000)Google Scholar
  9. 9.
    Hoffman, K., Kunze, R.: Linear Algebra. Prentice-Hall, Englewood Cliffs (1971)zbMATHGoogle Scholar
  10. 10.
    Key, E.: An analysis of the structure and complexity of nonlinear binary sequence generators. IEEE Trans. Inf. Theor. 22(6), 732–736 (1976)zbMATHMathSciNetCrossRefGoogle Scholar
  11. 11.
    Luo, Y., Chai, Q., Gong, G., Lai, X.: A lightweight stream cipher WG-7 for RFID encryption and authentication. In: Global Telecommunications Conference (GLOBECOM 2010), pp. 1–6. IEEE (2010)Google Scholar
  12. 12.
    Meier, W., Pasalic, E., Carlet, C.: Algebraic attacks and decomposition of boolean functions. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 474–491. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    Mihaljevic, M.J.: Cryptanalysis of Toyocrypt-HS1 stream cipher. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 85(1), 66–73 (2002)MathSciNetGoogle Scholar
  14. 14.
    Rønjom, S., Cid, C.: Nonlinear equivalence of stream ciphers. In: Hong, S., Iwata, T. (eds.) FSE 2010. LNCS, vol. 6147, pp. 40–54. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  15. 15.
    R\(\phi \)njom, S., Helleseth, T.: A new attack on the filter generator. IEEE Trans. Inf. Theor. 53(5), 1752–1758 (2007)Google Scholar
  16. 16.
    Simpson, L.R., Dawson, E., Golic, J.D., Millan, W.L.: LILI keystream generator. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 248–261. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Storjohann, A.: An \(O(n^3)\) algorithm for the Frobenius normal form. In: Proceedings of the 1998 International Symposium on Symbolic and Algebraic Computation, ISSAC 1998, pp. 101–105. ACM, New York (1998)Google Scholar
  18. 18.
    Storjohann, A., Villard, G.: Algorithms for similarity transforms. In: Seventh Rhine Workshop on Computer Algebra, Citeseer (2005)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.TCA, Institute of SoftwareChinese Academy of SciencesBeijingPeople’s Republic of China
  2. 2.Graduate University of Chinese Academy of SciencesBeijingPeople’s Republic of China
  3. 3.State Key Laboratory of Information Security, Institute of Information EngineeringChinese Academy of SciencesBeijingPeople’s Republic of China

Personalised recommendations