Abstract
We present a novel approach for preprocessing systems of polynomial equations via graph partitioning. The variable-sharing graph of a system of polynomial equations is defined. If this graph is disconnected, then the corresponding system of equations can be split into smaller ones that can be solved individually. This can provide a tremendous speed-up in computing the solution to the system, but is unlikely to occur either randomly or in applications. However, by deleting certain vertices of the graph, the variable-sharing graph can be disconnected in a balanced fashion, and in turn the system of polynomial equations is separated into smaller systems of near-equal size. In graph theory terms, this process is equivalent to finding balanced vertex partitions with minimum-weight vertex separators. The techniques for finding these vertex partitions are discussed, and experiments are performed to evaluate their practicality for general graphs and systems of polynomial equations. Applications of this approach in algebraic cryptanalysis of symmetric ciphers are presented: for the QUAD family of stream ciphers, we show how a malicious party can manufacture conforming systems that can be easily broken; for the stream ciphers Bivium and Trivium, we achieve significant speedups in algebraic attacks against them, mainly in a partial key guess scenario. In each of these cases, the systems of polynomial equations involved are well-suited to our graph partitioning method. These results may open a new avenue for evaluating the security of symmetric ciphers against algebraic attacks.
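The variable-sharing graph and the separator-based split sketched in the abstract, as an added Python illustration that is not the paper's own code. The sample system (two tightly coupled blocks of equations joined by a single equation), the reduction of each equation to its variable set, and the exhaustive separator search are all constructed here; the paper uses heuristic partitioners on far larger systems.

```python
from itertools import combinations

# Constructed sample: each equation is reduced to the set of variables it uses
# (monomials do not matter); blocks x1..x3 and x4..x6 meet only in one equation.
SYSTEM = [
    {"x1", "x2"}, {"x2", "x3"}, {"x1", "x3"},   # block A
    {"x3", "x4"},                               # bridge between the blocks
    {"x4", "x5"}, {"x5", "x6"}, {"x4", "x6"},   # block B
]

def variable_sharing_graph(equations):
    """Vertices are variables; u and v are adjacent if some equation has both."""
    adj = {v: set() for eq in equations for v in eq}
    for eq in equations:
        for u, v in combinations(eq, 2):
            adj[u].add(v)
            adj[v].add(u)
    return adj

def components(adj):
    """Connected components of the graph, by breadth-first search."""
    comps = []
    for start in sorted(adj):
        if any(start in comp for comp in comps):
            continue
        comp, frontier = set(), {start}
        while frontier:
            comp |= frontier
            frontier = set().union(*(adj[v] for v in frontier)) - comp
        comps.append(frozenset(comp))
    return comps

def split_system(equations, separator=frozenset()):
    """Delete separator variables (treat them as guessed constants) and group the
    surviving equations by component; equations with no free variable are dropped."""
    reduced = [frozenset(eq - separator) for eq in equations]
    reduced = [eq for eq in reduced if eq]
    comps = components(variable_sharing_graph(reduced))
    return [[eq for eq in reduced if eq <= comp] for comp in comps]

def min_balanced_separator(equations, max_part):
    """Smallest separator leaving every component at most max_part variables
    (exhaustive search, so for tiny systems only)."""
    variables = sorted(set().union(*equations))
    for k in range(len(variables) + 1):
        for sep in combinations(variables, k):
            parts = split_system(equations, frozenset(sep))
            if all(len(set().union(*p)) <= max_part for p in parts):
                return frozenset(sep)
```

Deleting a separator variable corresponds to guessing its value in the partial key guess scenario: each resulting subsystem is then solved on its own, and the dropped equations serve only to reject wrong guesses.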
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Koon-Ho Wong, K., Bard, G.V. (2010). Improved Algebraic Cryptanalysis of QUAD, Bivium and Trivium via Graph Partitioning on Equation Systems. In: Steinfeld, R., Hawkes, P. (eds) Information Security and Privacy. ACISP 2010. Lecture Notes in Computer Science, vol 6168. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14081-5_2
DOI: https://doi.org/10.1007/978-3-642-14081-5_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14080-8
Online ISBN: 978-3-642-14081-5