The purpose of algebraic attacks on stream and block ciphers is to recover the secret key by solving an overdefined system of multivariate algebraic equations. They become very efficient if this system is of low degree. In particular, they have been used to break stream ciphers immune to all previously known attacks. This kind of attack tends to work when certain Boolean functions used in the ciphering process have either low degree annihilators or low degree multiples. It is therefore important to be able to check this criterion for Boolean functions. We provide in this article an algorithm of complexity $O(m^d)$ (for fixed $d$) which is able to prove that a given Boolean function in $m$ variables has neither an annihilator nor a multiple of degree less than or equal to $d$. This complexity is essentially optimal. We also provide a more practical algorithm for the same task, which we believe to have the same complexity. The latter algorithm is also able to output a basis of annihilators or multiples when they exist.
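To make the criterion concrete, the following added example (not the article's algorithm, and not code from its authors) checks it by plain Gaussian elimination over GF(2) on the full truth table, so it is only practical for small $m$. The function names, the bitmask encoding of monomials and the majority-function sample are assumptions made for this illustration.

```python
from itertools import combinations

def monomials(m, d):
    """Monomials of degree <= d in m variables, each a bitmask of variable indices."""
    return [sum(1 << i for i in c)
            for k in range(d + 1) for c in combinations(range(m), k)]

def evaluate(g, x):
    """Value at point x of a polynomial g given as a list of monomial bitmasks."""
    return sum(1 for mon in g if mon & x == mon) & 1

def annihilator_basis(truth_table, m, d):
    """Basis of {g : deg g <= d and f*g = 0}, f given by truth_table[x] (bit i of x = x_i)."""
    mons = monomials(m, d)
    pivots = {}  # pivot column -> fully reduced row (bitmask over monomial indices)
    for x in range(1 << m):
        if not truth_table[x]:
            continue  # g is unconstrained where f(x) = 0
        # f(x) = 1 forces g(x) = 0: coefficients of the monomials dividing x sum to 0.
        row = sum(1 << j for j, mon in enumerate(mons) if mon & x == mon)
        for col, prow in pivots.items():
            if row >> col & 1:
                row ^= prow
        if row:
            col = row.bit_length() - 1
            for c in pivots:  # keep earlier rows reduced against the new pivot
                if pivots[c] >> col & 1:
                    pivots[c] ^= row
            pivots[col] = row
    basis = []
    for free in range(len(mons)):  # one null-space vector per free column
        if free in pivots:
            continue
        vec = 1 << free
        for col, prow in pivots.items():
            if prow >> free & 1:
                vec |= 1 << col
        basis.append([mons[j] for j in range(len(mons)) if vec >> j & 1])
    return basis

def min_degree(truth_table, m):
    """Smallest d at which f has a nonzero annihilator or multiple of degree <= d."""
    # A multiple h = f*g of degree <= d is exactly an annihilator of 1+f.
    comp = [b ^ 1 for b in truth_table]
    for d in range(m + 1):
        if annihilator_basis(truth_table, m, d) or annihilator_basis(comp, m, d):
            return d

MAJ3 = [0, 0, 0, 1, 0, 1, 1, 1]  # constructed sample: majority of three bits
```

An empty list from `annihilator_basis` at degree $d$ for both $f$ and $1+f$ is the proof of absence the abstract refers to; a non-empty list is a basis in algebraic normal form.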