
On Asymptotic Security Estimates in XL and Gröbner Bases-Related Algebraic Cryptanalysis

  • Conference paper
Information and Communications Security (ICICS 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3269)

Abstract

“Algebraic Cryptanalysis” against a cryptosystem often comprises finding enough relations that are generally or probabilistically valid, then solving the resultant system. The security of many schemes (the most important being AES) thus depends on the difficulty of solving systems of multivariate polynomial equations, which is NP-hard in general.

The related methods of XL (eXtended Linearization), Gröbner bases, and their variants (of which a large number have been proposed) form a unified approach to solving such systems and thus affect our assessment and understanding of many cryptosystems.

Building on prior theory, we analyze these XL variants and derive asymptotic formulas that give better security estimates under XL-related algebraic attacks; through this examination we hope to have improved the understanding of such variants. In particular, guessing a portion of the variables is a good idea for both XL and Gröbner-basis methods.
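To make the two ideas in the abstract concrete, the following Python script (added here as an illustration; it is not code from the paper or its authors) implements XL over GF(2) and then the guess-some-variables-first variant, often called FXL: for a constructed, seeded toy system of quadratics in six Boolean variables with a single root, it reports the smallest degree D at which linearisation pins every variable down, with g = 0, 1, 2 or 3 variables guessed, together with the size of the matrix each of the 2^g XL runs must eliminate. The variable count, the equation count, the planted root and the seed are choices made for this example, not values from the paper.

```python
"""XL over GF(2) with and without guessing variables (added example, not the paper's code).
A polynomial is a set of monomials, each a frozenset of variable indices (x_i^2 = x_i, so a
monomial is just a set; frozenset() is the constant 1); addition is symmetric difference."""
import itertools
import math
import random

def evaluate(poly, assignment):
    return sum(all(assignment[i] for i in t) for t in poly) % 2

def random_system(n, m, solution, rng):
    """m random quadratics in n variables vanishing at `solution` (constructed test data)."""
    monos = [frozenset(c) for k in (1, 2) for c in itertools.combinations(range(n), k)]
    eqs = []
    for _ in range(m):
        poly = {t for t in monos if rng.random() < 0.5}
        eqs.append(poly ^ {frozenset()} if evaluate(poly, solution) else poly)  # fix the constant
    return eqs

def all_solutions(eqs, n):
    """Brute force over the 2^n points; used only to check that the toy system has one root."""
    pts = (dict(enumerate(b)) for b in itertools.product((0, 1), repeat=n))
    return [p for p in pts if all(evaluate(f, p) == 0 for f in eqs)]

def xl_solve(eqs, n, D):
    """XL at degree D: multiply each equation by every monomial of degree <= D-2, treat each
    monomial as an unknown, Gauss-Jordan over GF(2).  {i: x_i} if all pinned down, else None."""
    monos = [frozenset(c) for k in range(D + 1) for c in itertools.combinations(range(n), k)]
    col = {t: i for i, t in enumerate(monos)}        # column 0 is the constant 1
    rows = []
    for f in eqs:
        for mult in (m for m in monos if len(m) <= D - 2):
            r = 0
            for t in f:                               # x_i^2 = x_i: the product is a union,
                r ^= 1 << col[t | mult]               # and xor cancels coinciding terms
            rows.append(r)
    pivots = {}                                       # pivot column -> fully reduced row
    for r in rows:
        for c, pr in pivots.items():
            r ^= pr if r >> c & 1 else 0
        if r == 0:
            continue
        c = r.bit_length() - 1
        for k in [k for k in pivots if pivots[k] >> c & 1]:
            pivots[k] ^= r
        pivots[c] = r
    if pivots.get(0) == 1:
        return None                                   # the row "1 = 0": no root (wrong guess)
    sol = {}
    for i in range(n):                                # column i+1 is the monomial x_i
        r = pivots.get(i + 1, 0)
        if r >> 1 != 1 << i:                          # row is not "x_i = constant" yet
            return None
        sol[i] = r & 1
    return sol

def specialise(eqs, fixed):
    """Substitute guessed values ({index: 0/1}); the other variables keep their indices."""
    out = []
    for f in eqs:
        h = set()
        for t in (t for t in f if all(fixed.get(i, 1) for i in t)):   # a guessed 0 kills the term
            h ^= {frozenset(i for i in t if i not in fixed)}
        out.append(h)
    return out

def fxl_solve(eqs, n, g, D):
    """Guess the last g variables, XL at degree D on the rest, keep the guess that checks out."""
    for guess in itertools.product((0, 1), repeat=g):
        fixed = dict(zip(range(n - g, n), guess))
        partial = xl_solve(specialise(eqs, fixed), n - g, D)
        if partial is not None:
            cand = {**partial, **fixed}
            if all(evaluate(f, cand) == 0 for f in eqs):
                return cand
    return None

def min_xl_degree(eqs, n, g=0):
    """Smallest D at which FXL with g guesses succeeds; D = n-g+2 always suffices for a unique
    root, because multipliers of degree n-g then span the whole ideal of the finite Boolean ring."""
    for D in range(2, n - g + 3):
        if fxl_solve(eqs, n, g, D) is not None:
            return D
    return None

def xl_size(n, m, D):
    """(rows, columns) of the XL matrix at degree D over GF(2)."""
    return m * sum(math.comb(n, k) for k in range(D - 1)), sum(math.comb(n, k) for k in range(D + 1))

# Constructed toy instance: 6 variables, 12 (or a few more) quadratics, exactly one root.
N, SOLUTION = 6, {0: 1, 1: 0, 2: 1, 3: 1, 4: 0, 5: 1}
_rng = random.Random(2004)
EQS = random_system(N, 12, SOLUTION, _rng)
while len(all_solutions(EQS, N)) != 1:
    EQS += random_system(N, 1, SOLUTION, _rng)

if __name__ == "__main__":
    for g in (0, 1, 2, 3):
        D = min_xl_degree(EQS, N, g)
        print(f"g={g} guessed: XL succeeds at D={D}; 2^{g} runs on a (rows, cols)={xl_size(N - g, len(EQS), D)} matrix")
```

Plain linearisation (D = 2) fails on this system because 22 monomials face only a dozen rows; raising D to 3 multiplies the row count by 7 and the column count by about 2, which is the growth the asymptotic estimates track. Guessing g variables correctly shrinks both dimensions at the same time, so the trade-off the paper formalises is 2^g elimination runs on a smaller matrix at a lower D versus one run on a larger one; the script's output lets you compare 2^g × (rows × cols) across g directly. The six-variable size exists only so that brute force can certify the root is unique; the XL and Gauss-Jordan code itself does not depend on it.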




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yang, BY., Chen, JM., Courtois, N.T. (2004). On Asymptotic Security Estimates in XL and Gröbner Bases-Related Algebraic Cryptanalysis. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_31


  • DOI: https://doi.org/10.1007/978-3-540-30191-2_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23563-7

  • Online ISBN: 978-3-540-30191-2
