Gwénolé Ars

Comparison between XL and Gröbner basis algorithms

This paper compares the XL algorithm with known Grobner basis algorithms. We show that to solve a system of algebraic equations via the XL algorithm is equivalent to calculate the reduced Grobner basis of the ideal associated with the system. Moreover we show that the XL algorithm is also a Grobner basis algorithm which can be represented as a redundant variant of a Grobner basis algorithm F 4. Then we compare these algorithms on semi-regular sequences, which correspond, in conjecture, to almost all polynomial systems in two cases: over the fields \(\mathbb{F}_{2}\) and \(\mathbb{F}_{q}\) with q ≫ n. We show that the size of the matrix constructed by XL is large compared to the ones of the F 5 algorithm. Finally, we give an experimental study between XL and the Buchberger algorithm on the cryptosystem HFE and find that the Buchberger algorithm has a better behavior.

Introducing a new variant of fast algebraic attacks and minimizing their successive data complexity

Algebraic attacks have established themselves as a powerful method for the cryptanalysis of LFSR-based keystream generators (e.g., E0 used in Bluetooth). The attack is based on solving an overdetermined system of low-degree equations Rt=0, where Rtis an expression in the state of the LFSRs at clock t and one or several successive keystream bits zt,...,zt+δ. In fast algebraic attacks, new equations of a lower degree are constructed in a precomputation step. This is done by computing appropriate linear combinations of T successive initial equations Rt=0. The successive data complexity of the attack is the number T of successive equations. We propose a new variant of fast algebraic attacks where the same approach is employed to eliminate some unknowns, making a divide-and-conquer attack possible. In some cases, our variant is applicable whereas the first one is not. Both variants can have a high successive data complexity (e.g., T≥ 8.822.188 for E0). We describe how to keep it to a minimum and introduce suitable efficient algorithms for the precomputation step.

Algebraic Attacks on Stream Ciphers with Gröbner Bases

Stream ciphers efficiently encrypt data streams of arbitrary length and are widely deployed in practice, e.g., in mobile phones. Consequently, the development of new mechanisms to design and analyze stream ciphers is one of the major topics in modern cryptography. Algebraic attacks evaluate the security of certain stream ciphers by exploring the question how an attack could be performed by generating and solving appropriate systems of equations. In this text, we give an introduction to algebraic attacks and provide an overview on how and to what extent Grobner bases are useful in this context.