A first course in combinatorial mathematics (2nd ed.)
A first course in combinatorial mathematics (2nd ed.)
Gröbner-Bases, Gaussian elimination and resolution of systems of algebraic equations
EUROCAL '83 Proceedings of the European Computer Algebra Conference on Computer Algebra
Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Block Ciphers with Overdefined Systems of Equations
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Efficient algorithms for solving overdefined systems of multivariate polynomial equations
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Higher order correlation attacks, XL algorithm and cryptanalysis of Toyocrypt
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Algebraic attacks on stream ciphers with linear feedback
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
About the XL algorithm over GF(2)
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
The linear vector space spanned by the nonlinear filter generator
SSC'07 Proceedings of the 2007 international conference on Sequences, subsequences, and consequences
On attacks on filtering generators using linear subspace structures
SSC'07 Proceedings of the 2007 international conference on Sequences, subsequences, and consequences
All in the XL family: theory and practice
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
Growth of the ideal generated by a quadratic boolean function
PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography
Hi-index | 0.00 |
Solving multivariate polynomial equation systems has been the focus of much attention in cryptography in the last years. Since most ciphers can be represented as a system of such equations, the problem of breaking a cipher naturally reduces to the task of solving them. Several papers have appeared on a strategy known as eXtended Linearization(XL) with a view to assessing its complexity. However, its efficiency seems to have been overestimated and its behaviour has yet to be fully understood. Our aim in this paper is to fill in some of these gaps in our knowledge of XL. In particular, by examining how dependencies arise from multiplication by monomials, we give a formula from which the efficiency of XL can be deduced for multivariate polynomial equations over $\mathbb{F}_2.$ This confirms rigorously a result arrived at by Yang and Chen by a completely different approach. The formula was verified empirically by investigating huge amounts of random equation systems with varying degree, number of variables and number of equations.