Fast Exhaustive Search for Polynomial Systems in \({\mathbb{F}_2}\)

  • Charles Bouillaguet
  • Hsieh-Chung Chen
  • Chen-Mou Cheng
  • Tung Chou
  • Ruben Niederhagen
  • Adi Shamir
  • Bo-Yin Yang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6225)

Abstract

We analyze how fast we can solve general systems of multivariate equations of various low degrees over \({\mathbb{F}_{2}}\); this is a well known hard problem which is important both in itself and as part of many types of algebraic cryptanalysis. Compared to the standard exhaustive search technique, our improved approach is more efficient both asymptotically and practically. We implemented several optimized versions of our techniques on CPUs and GPUs. Our technique runs more than 10 times faster on modern graphic cards than on the most powerful CPU available. Today, we can solve 48+ quadratic equations in 48 binary variables on a 500-dollar NVIDIA GTX 295 graphics card in 21 minutes. With this level of performance, solving systems of equations supposed to ensure a security level of 64 bits turns out to be feasible in practice with a modest budget. This is a clear demonstration of the computational power of GPUs in solving many types of combinatorial and cryptanalytic problems.

Keywords

multivariate polynomials solving systems of equations exhaustive search parallelization Graphic Processing Units (GPUs) 

References

  1. 1.
    Bard, G.V., Courtois, N.T., Jefferson, C.: Efficient methods for conversion and solution of sparse systems of low-degree multivariate polynomials over GF(2) via SAT-solvers, http://eprint.iacr.org/2007/024
  2. 2.
    Bardet, M., Faugère, J.-C., Salvy, B.: On the complexity of Gröbner basis computation of semi-regular overdetermined algebraic equations. In: Proc. Int’l Conference on Polynomial System Solving, pp. 71–74 (2004) INRIA report RR-5049Google Scholar
  3. 3.
    Bardet, M., Faugère, J.-C., Salvy, B., Yang, B.-Y.: Asymptotic expansion of the degree of regularity for semi-regular systems of equations. In: Proc. MEGA 2005 (2005)Google Scholar
  4. 4.
    Berbain, C., Gilbert, H., Patarin, J.: QUAD: A practical stream cipher with provable security. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 109–128. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Bernstein, D.J., Chen, T.-R., Cheng, C.-M., Lange, T., Yang, B.-Y.: ECM on graphics cards. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 483–501. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Bettale, L., Faugére, J.-C., Perret, L.: Hybrid approach for solving multivariate systems over finite fields. J. Math. Crypto. 3(3), 177–197 (2009)MATHCrossRefGoogle Scholar
  7. 7.
    Bouillaguet, C., Faugére, J.-C., Fouque, P.-A., Perret, L.: Differential-algebraic algorithms for the isomorphism of polynomials problem, http://eprint.iacr.org/2009/583
  8. 8.
    Bouillaguet, C., Fouque, P.-A., Joux, A., Treger, J.: A family of weak keys in HFE (and the corresponding practical key-recovery), http://eprint.iacr.org/2009/619
  9. 9.
    Buchberger, B.: Ein Algorithmus zum Auffinden der Basiselemente des Restklassenringes nach einem nulldimensionalen Polynomideal. PhD thesis, Innsbruck (1965)Google Scholar
  10. 10.
    Buchmann, J., Cabarcas, D., Ding, J., Mohamed, M.S.E.: Flexible Partial Enlargement to Accelerate Gröbner Basis Computation over \(\mathbb{F_2}\). In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 69–81. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Courtois, N., Bard, G.V., Wagner, D.: Algebraic and slide attacks on Keeloq. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 97–115. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Courtois, N., Goubin, L., Patarin, J.: SFLASH: Primitive specification (second revised version) (2002), https://www.cosic.esat.kuleuven.be/nessie
  13. 13.
    Courtois, N.T., Klimov, A., Patarin, J., Shamir, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000), Extended ver., http://www.minrank.org/xlfull.pdf CrossRefGoogle Scholar
  14. 14.
    de Bruijn, N.: Asymptotic methods in analysis. 2nd edition. Bibliotheca Mathematica. Vol. 4., 200 p. P. Noordhoff Ltd. XII, Groningen (1961)Google Scholar
  15. 15.
    Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases (F 4). J. of Pure and Applied Algebra 139, 61–88 (1999)MATHCrossRefGoogle Scholar
  16. 16.
    Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F 5). In: ACM ISSAC 2002, pp. 75–83 (2002)Google Scholar
  17. 17.
    Faugère, J.-C., Joux, A.: Algebraic cryptanalysis of Hidden Field Equations (HFE) using Gröbner bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Fog, A.: Instruction Tables. Copenhagen University, College of Engineering, Lists of Instruction Latencies, Throughputs and micro-operation breakdowns for Intel, AMD, and VIA CPUs (February 2010), http://www.agner.org/optimize/instruction_tables.pdf
  19. 19.
    Patarin, J.: Asymmetric cryptography with a hidden monomial. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 45–60. Springer, Heidelberg (1996)Google Scholar
  20. 20.
    Patarin, J.: Hidden Field Equations (HFE) and Isomorphisms of Polynomials (IP): two new families of asymmetric algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996), Extended ver.: http://www.minrank.org/hfe.pdf Google Scholar
  21. 21.
    Patarin, J., Courtois, N., Goubin, L.: QUARTZ, 128-bit long digital signatures. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 282–297. Springer, Heidelberg (2001), http://www.minrank.org/quartz/ CrossRefGoogle Scholar
  22. 22.
    Patarin, J., Goubin, L., Courtois, N.: Improved algorithms for Isomorphisms of Polynomials. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 184–200. Springer, Heidelberg (1998); Extended ver.: http://www.minrank.org/ip6long.ps CrossRefGoogle Scholar
  23. 23.
    Raddum, H.: MRHS equation systems. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 232–245. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  24. 24.
    Sugita, M., Kawazoe, M., Perret, L., Imai, H.: Algebraic cryptanalysis of 58-round SHA-1. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 349–365. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  25. 25.
    Yang, B.-Y., Chen, J.-M.: Theoretical analysis of XL over small fields. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 277–288. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  26. 26.
    Yang, B.-Y., Chen, J.-M., Courtois, N.: On Asymptotic Security Estimates in XL and Gröbner Bases-Related Algebraic Cryptanalysis. In: López, J., Qing, S., Okamoto, E. (eds.) ICICS 2004. LNCS, vol. 3269, pp. 401–413. Springer, Heidelberg (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Charles Bouillaguet
    • 1
  • Hsieh-Chung Chen
    • 2
  • Chen-Mou Cheng
    • 3
  • Tung Chou
    • 3
  • Ruben Niederhagen
    • 3
    • 4
  • Adi Shamir
    • 1
    • 5
  • Bo-Yin Yang
    • 2
  1. 1.Ecole Normale SupérieureParisFrance
  2. 2.Institute of Information ScienceAcademia SinicaTaipeiTaiwan
  3. 3.National Taiwan UniversityTaipeiTaiwan
  4. 4.Technische Universiteit EindhovenThe Netherlands
  5. 5.Weizmann Institute of ScienceIsrael

Personalised recommendations