A new efficient algorithm for computing all low degree annihilators of sparse polynomials with a high number of variables

  • Authors:

  • Lin Xu;Dongdai Lin;Xin Li

  • Affiliations:

  • The State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R. China;The State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R. China;The State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, P.R. China

  • Venue:
  • ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
  • Year:
  • 2010

Quantified Score

Hi-index 0.00

Visualization

Abstract

Algebraic attacks have proved to be an effective threat to block and stream cipher systems. In the realm of algebraic attacks, there is one major concern that, for a given Boolean polynomial f, if f or f+1 has low degree annihilators. Existing methods for computing all annihilators within degree d of f in n variables, such as Gauss elimination and interpolation, have a complexity based on the parameter $k_{n, d} = \sum_{i=0}^{d}{{{n}\choose{i}}}$, which increases dramatically with n. As a result, these methods are impractical when dealing with sparse polynomials with a large n, which widely appear in modern cipher systems. In this paper, we present a new tool for computing annihilators, the characters w.r.t. a Boolean polynomial. We prove that the existence of annihilators of f and f+1 resp. relies on the zero characters and the critical characters w.r.t.f. Then we present a new algorithm for computing annihilators whose complexity relies on k′f,d, the number of zero or critical characters within degree dw.r.t.f. Since k′f,d≪kn, d when f is sparse, this algorithm is very efficient for sparse polynomials with a large n. In our experiments, all low degree annihilators of a random balanced sparse polynomial in 256 variables can be found in a few minutes.