DOCSLIB.ORG

Combinatorics in Algebraic and Logical Cryptanalysis Monika Trimoska

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Combinatorics in Algebraic and Logical Cryptanalysis Monika Trimoska Combinatorics in Algebraic and Logical Cryptanalysis Monika Trimoska To cite this version: Monika Trimoska. Combinatorics in Algebraic and Logical Cryptanalysis. Cryptography and Security [cs.CR]. Université de Picardie - Jules Verne, 2021. English. tel-03168389 HAL Id: tel-03168389 https://hal.archives-ouvertes.fr/tel-03168389 Submitted on 13 Mar 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Th`ese de Doctorat Mention Informatique pr´esent´ee`al'Ecole´ Doctorale en Sciences, Technologie, Sant´e(ED 585) `al'Universit´ede Picardie Jules Verne par Monika Trimoska pour obtenir le grade de Docteur de l'Universit´ede Picardie Jules Verne Combinatorics in Algebraic and Logical Cryptanalysis Soutenue le 14 janvier 2021 apr`esavis des rapporteurs, devant le jury d'examen : Antoine Joux, Professeur Pr´esident Pierrick Gaudry, Directeur de Recherche Rapporteur Laurent Simon, Professeur Rapporteur Martin R. Albrecht, Professeur Examinateur Laure Brisoux Devendeville, Ma^ıtrede Conf´erences Examinateur Gilles Dequen, Professeur Directeur de th`ese Sorina Ionica, Ma^ıtrede Conf´erences Co-encadrant Cette th`esea ´et´eeffecut´eedans le cadre du projet CASSPair. Le projet CASSPair est cofinanc´epar l'Union europ´eenneavec le Fonds europ´eende d´eveloppement r´egional. 2 To my parents 3 Acknowledgements The greatest thank you goes out to my supervisors Gilles Dequen and Sorina Ionica, that have worked with me on crypto problems for the past five years. This work would not have been possible without their guidance and creative ideas. They have been very mindful about letting me become an independent researcher while, at the same time, making sure my work stays in the right direction. Any success I hopefully have in the future will also be a result of the skills that they have transferred to me. Gilles, thank you, first, for giving me that initial idea and inspiring me to go into research when my dream was to be a Java architect. For having advice on matters that go beyond the science, teaching me how to sort which things are important and not to worry about those that are not. It was a pleasure to work with you and I hope that we have a lot of brainstorming sessions in front of us. Sorina, thank you for always insisting I do my best work and being an example of the academic that I wish to become. For working till late in the evening with me on submissions, for being kind and patient when explaining technical matters that I still was not very good at, and for thinking (and acting) in advance about what is best for my professional development. Your support is, and has always been, greatly appreciated. I big thank you to all of the other professors from the CS department that have played a huge role in my development, both by their strong encouragements and by enthusiastically showing me numerous hard problems to think about. Some of them have later become my colleagues at MIS, where the day always starts with joy and laughter during our morning coffee break. On that note, a shout out to Juliette for making administration problems magically disappear. The other PhD students, who have become my friends are the reason why I have enjoyed coming to work every day. A big thanks to those that were here before me, Clement, Jordan, Romuald, and Richardson, for all their help at the beginning and throughout my thesis. I would also like to mention Fabien, Olivier, Cl´emence,S´ebastien, and Pierre for the fun we have at the office and the way we help each other, as well as our neighbors from the PR team. I also extend my thanks to all my friends in Amiens and Skopje for being there for me and for their encouragement. I am very grateful to the reviewers for taking the time to review my work and for asking such thoughtful questions during my defense. A big thank you to Pierrick Gaudry, for reading the manuscript with such attention to detail and for giving valuable insight on the subject of elliptic curves and index calculus attacks. Secondly, I thank Laurent Simon, for giving his honest feedback and praise that was indispensable to reassure us in our counter-intuitive findings on cdcl techniques. I should also like to extend my thanks to the examiners Antoine Joux and Martin R. Albrecht for their valuable comments, and finally, to Laure Brisoux Devendeville, who I have known for a very long time and was particularly happy to have as an examiner for this thesis. Special thanks to Antoine Joux for coming in person for my thesis defense in spite of the traveling difficulties that arise due to the current health crisis. I thank my parents for their support, in every meaning of the word, and for always putting me first. I am lucky to have parents that are such different people and thus, to be able to inherit the best of both. My pursuit for excellence in education comes from my 4 mother, as well as my privilege to pursue it, since she has made sure I start off with all the skills I need, early on. My courage for taking on bigger challenges than I think I can handle comes from my father, for setting such an example and encouraging me to do so as well. This thesis is dedicated to them. I also wish to make an honorable mention to their respective spouses, and, of course, to my younger brother and sister to whom I wish all the happiness and success in the world. To my grandparents and my other grandmother, I am very grateful for being the best cheerleaders anyone can have. I often feel like they are even more excited than I am about my accomplishments. My final thanks go to Aleksandar, to whom I owe my happiness. Your never-ending support makes life enjoyable and smooth, which in turn lets me be my best creative self. For this, and a list of reasons that can never be exhaustive, you play a huge hidden part in all of my accomplishments. 5 Contents R´esum´e 8 Glossary 14 1 Introduction 16 2 Boolean Polynomial Systems 21 2.1 Algebraic solving techniques.......................... 22 2.1.1 Gr¨obnerbasis algorithms........................ 22 2.1.2 Linearization and the XL family.................... 26 2.1.3 Exhaustive search............................ 27 2.1.4 Hybrid methods............................. 27 2.1.5 Algorithms for sparse systems..................... 28 2.2 Applications in cryptography......................... 28 I SAT as a tool 30 3 The Satisfiability problem 31 3.1 Preliminaries.................................. 31 3.2 Solving techniques............................... 33 3.3 Applications in cryptography......................... 36 3.3.1 Deriving a SAT model from a Boolean polynomial system..... 37 4 The WDSat Solver 41 4.1 Core algorithm................................. 42 4.2 Three reasoning modules............................ 44 4.2.1 CNF module.............................. 44 4.2.2 XORSET module............................ 47 4.2.3 XORGAUSS module.......................... 49 4.3 Extending the XORGAUSS module...................... 53 4.4 Complexity discussion............................. 58 II Cryptographic applications 60 5 ECDLP Preliminaries 61 5.1 Applications in cryptography......................... 63 5.1.1 Diffie-Hellman key exchange...................... 63 5.1.2 ElGamal encryption.......................... 64 5.1.3 Pairing-based cryptography...................... 65 5.2 Known attacks................................. 66 6 CONTENTS 5.2.1 Generic attacks............................. 66 5.2.2 Attacks on specific families....................... 67 6 Parallel Collision Search 69 6.1 Background................................... 70 6.1.1 Solving discrete logarithms....................... 71 6.1.2 Many collision applications : the multi-user setting......... 72 6.1.3 Many collision applications : meet-in-the-middle attacks...... 74 6.1.4 Computational model and data structure............... 74 6.2 Time complexity................................ 75 6.2.1 Finding one collision.......................... 75 6.2.2 Finding many collisions......................... 77 6.3 The multi-user setting............................. 80 6.4 Our approach for the data structure...................... 83 6.4.1 Radix tree structure.......................... 83 6.4.2 Packed Radix-Tree-List......................... 85 6.5 Implementation and benchmarks....................... 87 6.5.1 PRTL implementation......................... 87 6.5.2 PRTL vs. hash table........................... 88 6.5.3 ECDLP implementation details and scalability............ 91 6.5.4 Multi-collision search computation................... 92 7 Index Calculus 94 7.1 Background................................... 95 7.1.1 Classical index calculus......................... 95 7.1.2 Index calculus for ECDLP....................... 98 7.2 Model description................................ 100 7.2.1 The Algebraic Model.......................... 101 7.2.2 The CNF-XOR Model......................... 102 7.2.3 The CNF Model............................ 103 7.3 Symmetry breaking technique......................... 104 7.4 Branching order................................. 105 7.4.1 MVC and summation polynomials................... 108 7.5 Complexity
Load more

Recommended publications
  • Convert Truth Table to Boolean Expression
    Convert Truth Table To Boolean Expression Gustave often dozings hydrostatically when neap Caspar libelled readably and Frenchify her mare's-tails. Weidar enlarges consumedly while oven-ready Byron allaying penetratingly or matriculating contagiously. Micah hark her tart calumniously, she thresh it commensurately. Input boolean expressions can have iframes disabled in use boolean truth table to convert truth tables into one convenient source from. This page an example, are converted into single output line argument to convert a boolean function as the truth table lists all possible. This is converted to follow up for example to a bar, we occasionally miss an arrow at boolean. Converting Truth Tables into Boolean Expressions Boolean. So that we know that is either nand gates instead of expression to relate outputs are the faster than by. Truth table Rosetta Code. And a sale group- eliminating algorithm to headquarters the superintendent of enable input. The and converting from my two. Tutorial Performing Boolean Algebra inside an FPGA using Look-Up Tables LUTs. DeMorgan's Laws tell us how to negate a boolean expression and what it. Creating expressions. Gives a nested table that truth values of expr with the outermost level on possible combinations of the ai. Truth Table from All Boolean Functions of 2 Variables y 0. Algebra simplifications methods: converting truth table to these symbols, we have already. Boolean function CircuitVerse. S1 S2 Light he is living truth abuse for the logical connective. Boolean Functions and Truth Tables The meaning or braid of a logical expression tout a Boolean function from the set is possible assignments of truth values for.
    [Show full text]
  • Multiplicative Complexity of Boolean Functions
    Multiplicative Complexity of Boolean Functions Meltem S¨onmezTuran National Institute of Standards and Technology, Gaithersburg, MD WPI ECE Online Graduate Seminar Lecture March 17 2021 In this presentation, ... • Overview - Computer Security Division of NIST • Circuit Complexity Problem • Multiplicative Complexity • Three results • Multiplicative Complexity of Boolean functions with n ≤ 6 • Boolean functions with Multiplicative Complexity 1,2,3 and 4 • Multiplicative Complexity of Symmetric Boolean Functions • Research Directions 1 National Institute of Standards and Technology • Non-regulatory federal agency within U.S. Department of Commerce. • Founded in 1901, known as the National Bureau of Standards (NBS) prior to 1988. • Headquarters in Gaithersburg, Maryland, and laboratories in Boulder, Colorado. • Employs around 6,000 employees and associates. Computer Security Division (CSD) conducts research, development and outreach necessary to provide standards and guidelines, mechanisms, tools, metrics and practices to protect nation's information and information systems. 2 CSD Publications • Federal Information Processing Standards (FIPS): Specify approved crypto standards. • NIST Special Publications (SPs): Guidelines, technical specifications, recommendations and reference materials, including multiple sub-series. • NIST Internal or Interagency Reports (NISTIR): Reports of research findings, including background information for FIPS and SPs. • NIST Information Technology Laboratory (ITL) Bulletins: Monthly overviews of NIST's security and privacy publications, programs and projects. 3 Standard Development Process • International \competitions": Engage community through an open competition (e.g., AES, SHA-3, PQC, Lightweight Crypto). • Adoption of existing standards: Collaboration with accredited standards organizations (e.g., RSA, HMAC). • Open call for proposals: Ongoing open invitation (e.g., modes of operations). • Development of new algorithms: if no suitable standard exists (e.g., DRBGs).
    [Show full text]
  • CS228 Logic for Computer Science 2020 Lecture 7: Conjunctive
    CS228 Logic for Computer Science 2020 Lecture 7: Conjunctive Normal Form Instructor: Ashutosh Gupta IITB, India Compile date: 2020-02-01 cbna CS228 Logic for Computer Science 2020 Instructor: Ashutosh Gupta IITB, India 1 Removing ⊕, ), and ,. We have seen equivalences that remove ⊕, ), and , from a formula. I (p ) q) ≡ (:p _ q) I (p ⊕ q) ≡ (p _ q) ^ (:p _:q) I (p , q) ≡ :(p ⊕ q) In the lecture, we will assume you can remove them at will. Commentary: Note that removal of ⊕ and , blows up the formula size. Their straight up removal is not desirable. cbna CS228 Logic for Computer Science 2020 Instructor: Ashutosh Gupta IITB, India 2 Topic 7.1 Negation normal form cbna CS228 Logic for Computer Science 2020 Instructor: Ashutosh Gupta IITB, India 3 Negation normal form(NNF) Definition 7.1 A formula is in NNF if : appears only in front of the propositional variables. Theorem 7.1 For every formula F , there is a formula F 0 in NNF such that F ≡ F 0. Proof. Due to the equivalences, we can always push : under the connectives I Often we assume that the formulas are in NNF. I However, there are negations hidden inside ⊕, ), and ,. Sometimes, the symbols are also expected to be removed while producing NNF Exercise 7.1 Write an efficient algorithm to convert a propositional formula to NNF? Commentary: In our context, we will not ask one to remove e ⊕, ), and , during conversion to NNF. cbna CS228 Logic for Computer Science 2020 Instructor: Ashutosh Gupta IITB, India 4 Example :NNF Example 7.1 Consider :(q ) ((p _:s) ⊕ r)) ≡ q ^ :((p _:s) ⊕ r) ≡ q ^ (:(p _:s) ⊕ r) ≡ q ^ ((:p ^ ::s) ⊕ r) ≡ q ^ ((:p ^ s) ⊕ r) Exercise 7.2 Convert the following formulas into NNF I :(p ) q) I :(:((s ):(p , q))) ⊕ (:q _ r)) Exercise 7.3 Remove ), ,, and ⊕ before turning the above into NNF.
    [Show full text]
  • Algebraic and Logic Solving Methods for Cryptanalysis Jan Horácek
    DISSERTATION Algebraic and Logic Solving Methods for Cryptanalysis Submitted to the Faculty of Computer Science and Mathematics of the University of Passau in Partial Fulfillment of the Requirements for the Degree of Doctor of Natural Sciences Jan Hor´aˇcek Advisor: Prof. Dr. Martin Kreuzer Chair of Symbolic Computation, University of Passau External Referee: Prof. Dr. Armin Biere Institute for Formal Models and Verification, Johannes Kepler University Linz Passau, June 2019 Abstract Algebraic solving of polynomial systems and satisfiability of propositional logic for- mulas are not two completely separate research areas, as it may appear at first sight. In fact, many problems coming from cryptanalysis, such as algebraic fault attacks, can be rephrased as solving a set of Boolean polynomials or as deciding the satisfiability of a propositional logic formula. Thus one can analyze the security of cryptosystems by ap- plying standard solving methods from computer algebra and SAT solving. This doctoral thesis is dedicated to studying solvers that are based on logic and algebra separately as well as integrating them into one such that the combined solvers become more powerful tools for cryptanalysis. This disseration is divided into three parts. In this first part, we recall some theory and basic techniques for algebraic and logic solving. We focus mainly on DPLL-based SAT solving and techniques that are related to border bases and Gr¨obnerbases. In particular, we describe in detail the Border Basis Algorithm and discuss its specialized version for Boolean polynomials called the Boolean Border Basis Algorithm. In the second part of the thesis, we deal with connecting solvers based on algebra and logic.
    [Show full text]
  • 1 Compositions and Clones of Boolean Functions 5
    Cambridge University Press 978-0-521-84752-0 - Boolean Models and Methods in Mathematics, Computer Science, and Engineering Edited by Yves Crama and Peter L. Hammer Excerpt More information Part I Algebraic Structures © in this web service Cambridge University Press www.cambridge.org Cambridge University Press 978-0-521-84752-0 - Boolean Models and Methods in Mathematics, Computer Science, and Engineering Edited by Yves Crama and Peter L. Hammer Excerpt More information 1 Compositions and Clones of Boolean Functions Reinhard Poschel¨ and Ivo Rosenberg 1.1 Boolean Polynomials The representations of Boolean functions are frequently based on the fundamental operations {∨, ∧, }, where the disjunction x ∨ y represents the logical OR, the conjunction x ∧ y represents the logical AND and is often denoted by x · y or simply by the juxtaposition xy, and x stands for the negation, or complement, of x and is often denoted by x. This system naturally appeals to logicians and, for some reasons, also to electrical engineers, as illustrated by many chapters of this volume and by the monograph [7]. Its popularity may be explained by the validity of many identities or laws: for example, the associativity, commutativity, idempotence, distributive, and De Morgan laws making B :=B; ∨, ∧, , 0, 1 a Boolean algebra, where B ={0, 1}; in fact, B is the least nontrivial Boolean algebra. It is natural to ask whether there is a system of basic Boolean functions other than {∨, ∧, }, but equally powerful in the sense that each Boolean function may be represented over this system. To get such a system, we introduce the following binary (i.e., two-variable) Boolean function +˙ defined by setting x+˙ y = 0ifx = y and x+˙ y = 1ifx = y; its truth table is xyx+˙ y 00 0 01 1 10 1 11 0 Clearly x+˙ y = 1 if and only if the arithmetical sum x + y is odd, and for this reason +˙ is also referred to as the sum mod 2.
    [Show full text]
  • 2020-CS228-CNF-Slides
    CS228 Logic for Computer Science 2020 Lecture 7: Conjunctive Normal Form Instructor: Ashutosh Gupta IITB, India Compile date: 2020-08-21 cbna CS228 Logic for Computer Science 2020 Instructor: Ashutosh Gupta IITB, India 1 Normal forms I Grammar of propositional logic is too complex. I If one builds a tool, one will prefer to handle fewer connectives and simpler structure I We transform given formulas into normal forms before handling them. Commentary: Building a software for handling formulas with the complexity is undesirable. We aim to reduce the complexity by applying transformations to obtain a normalized form. The normalization results in standardization and interoperability of tool. cbna CS228 Logic for Computer Science 2020 Instructor: Ashutosh Gupta IITB, India 2 Removing ⊕, ), and ,. Please note the following equivalences that remove ⊕, ), and , from a formula. I (p ) q) ≡ (:p _ q) I (p ⊕ q) ≡ (p _ q) ^ (:p _:q) I (p , q) ≡ :(p ⊕ q) For the ease of presentation, we will assume you can remove them at will. Commentary: Removing ) is common and desirable. The removal of ⊕ and ,, however, blows up the formula size. Their straight up removal is not desirable. We can avoid the blow up in some contexts. However, in our presentation we will skip the issue. cbna CS228 Logic for Computer Science 2020 Instructor: Ashutosh Gupta IITB, India 3 Topic 7.1 Negation normal form cbna CS228 Logic for Computer Science 2020 Instructor: Ashutosh Gupta IITB, India 4 Negation normal form(NNF) Definition 7.1 A formula is in NNF if : appears only in front of the propositional variables.
    [Show full text]
  • Propositional Logic for Knowledge Representation and Formalization of Reasoning
    Propositional Logic for Knowledge Representation and Formalization of Reasoning Kurdman Abdulrahman Rasol Submitted to the Institute of Graduate Studies and Research in partial fulfillment of the requirements for the degree of Master of Science in Applied Mathematics and Computer Science Eastern Mediterranean University June 2017 Gazimağusa, North Cyprus Approval of the Institute of Graduate Studies and Research Prof. Dr. Mustafa Tümer Director I certify that this thesis satisfies the requirements as a thesis for the degree of Master of Science in Applied Mathematics and Computer Science. Prof. Dr. Nazim Mahmudov Chair, Department of Mathematics We certify that we have read this thesis and that in our opinion it is fully adequate in scope and quality as a thesis for the degree of Master of Science in Applied Mathematics and Computer Science. Prof. Dr. Rashad Aliyev Supervisor Examining Committee 1. Prof. Dr. Rashad Aliyev 2. Asst. Prof. Dr. Ersin Kuset Bodur 3. Asst. Prof. Dr. Müge Saadetoğlu ABSTRACT The purpose of this master thesis is to investigate the basic concepts of propositional logic for knowledge representation and formalization of reasoning in Artificial Intelligence. The different properties of logical propositions are discussed. The basic and derived logical connectives are used to establish the compound statements, and the truth tables are constructed to investigate the properties of logical connectives. Such propositions as tautology, satisfiability, contradiction, contingency, logical entailment and logical equivalence are analyzed. Three algebraic normal forms - negation normal form, disjunctive normal form and conjunctive normal form are studied. Horn clauses are implemented. Two forms of valid inferences as modus ponens and modus tollens are considered.
    [Show full text]
  • Neural Networks As Universal Approximators, and the Issue of Depth 3 2.1 the Perceptron Revisited
    Contents Part I: Introductory Block 1 2 Neural networks as universal approximators, and the issue of depth 3 2.1 The perceptron revisited . 3 2.2 Deep structures and the concept of depth . 6 2.2.1 The formal notion of depth . 6 2.2.2 The multi-layer perceptron . 8 2.3 MLPs as approximate functions . 10 2.4 MLPs as universal Boolean functions . 11 2.4.1 The perceptron as a Boolean gate . 11 2.4.2 Reducing the Boolean function . 18 2.4.3 Width of a one-hidden-layer Boolean MLP . 24 2.4.4 Size of a deep MLP . 25 2.4.5 The challenge of depth . 28 2.4.6 The actual number of parameters in the network . 28 2.4.7 Depth vs size in Boolean circuits . 30 2.5 MLPs as universal classifiers . 33 2.5.1 Composing an arbitrarily shaped decision boundary . 40 2.6 MLPs as universal approximators . 49 2.7 The issue of depth . 53 2.8 RBF networks: a brief introduction . 60 i List of Figures 2.1 Recap: Threshold logic in a perceptron . 5 2.2 Examples of some activation functions . 6 2.3 The concept of layering and deep layering in a network of per- ceptrons . 7 2.4 Explaining the notion of depth in deep structures . 8 2.5 Explaining the notion of depth in MLPs . 9 2.6 Examples of Boolean and continuous valued functions modeled by an MLP . 10 2.7 AND, NOT and OR gates modeled by a perceptron . 11 2.8 Generalized gates modeled by a perceptron .
    [Show full text]
  • Efficiently Representing the Integer Factorization Problem Using Binary Decision Diagrams" (2017)
    Utah State University DigitalCommons@USU All Graduate Plan B and other Reports Graduate Studies 8-2017 Efficientlyepr r esenting the integer factorization problem using binary decision diagrams David Skidmore Utah State University Follow this and additional works at: https://digitalcommons.usu.edu/gradreports Part of the Algebra Commons, Discrete Mathematics and Combinatorics Commons, Information Security Commons, Number Theory Commons, Other Computer Sciences Commons, and the Other Mathematics Commons Recommended Citation Skidmore, David, "Efficiently representing the integer factorization problem using binary decision diagrams" (2017). All Graduate Plan B and other Reports. 1043. https://digitalcommons.usu.edu/gradreports/1043 This Creative Project is brought to you for free and open access by the Graduate Studies at DigitalCommons@USU. It has been accepted for inclusion in All Graduate Plan B and other Reports by an authorized administrator of DigitalCommons@USU. For more information, please contact [email protected]. Efficiently representing the integer factorization problem using binary decision diagrams David Skidmore 29 April 2017 Abstract Let p be a prime positive integer and let α be a positive integer greater than 1. A method is given to reduce the problem of finding a nontrivial factorization of α to the problem of finding a solution to a system of modulo p polynomial congruences where each variable in the system is constrained to the set f0; : : : ; p − 1g. In the case that p = 2 it is shown that each polynomial in the system can be represented by an ordered binary decision diagram with size less than 3 2 20:25 log2(α) + 16:5 log2(α) + 6 log2(α) whereas previous work on the subject has only produced systems in which at least one of the polynomials has an ordered binary decision diagram representation with size exponential in log2(α).
    [Show full text]
  • Boolean Functions and Boolean Maps
    Boolean Functions, Boolean Maps, and Boolean Circuits Klaus Pommerening Fachbereich Physik, Mathematik, Informatik der Johannes-Gutenberg-Universit¨at Saarstraße 21 D-55099 Mainz February 2, 2003|English version August 30, 2003 last change March 6, 2021 1 Elementary Operations on Bits On the lowest software level computers process bits or groups of bits. Ex- amples of such groups are bytes that usually consist of 8 bits, or \words", usually 32 or 64 bits, depending on the processor architecture. Bits have a logical interpretation as truth values \true" (T) or \false" (F). They also have an algebraic interpretation as values 0 (corresponding to F) or 1 (corresponding to T). As mathematical objects they are elements of the two element set f0; 1g, denoted by F2. This notation comes from the algebraic context: Consider the residue class ring of Z modulo 2. This ring has two elements and is a field since 2 is a prime number. Addition in this field is the same as the logical operation XOR, multiplication is the same as the logical operation AND, see Table 1. The algebraic structure as field is of fundamental importance in Cryp- tography. Therefore, as usual in Algebra, we use the notation Fq for finite fields where q is the number of elements (often also written as GF(q) for \Galois Field"). In this context we also use the algebraic symbols + (for XOR), and · (for AND) for the operations, and often omit the multiplica- tion dot. Cryptographers sometimes like to use the symbols ⊕ and ⊗ that unfortunately have a quite different meaning in Mathematics (direct sum or tensor product of vector spaces).
    [Show full text]
  • Hacking of the AES with Boolean Functions
    Hacking of the AES with Boolean Functions Michel Dubois and Eric´ Filiol Operational Cryptology and Virology Laboratory, 38 rue des Docteurs Calmette et Gurin, 53000 Laval, France Keywords: Block Cipher, Boolean Function, Cryptanalysis, AES. Abstract: One of the major issues of cryptography is the cryptanalysis of cipher algorithms. Some mechanisms for breaking codes include differential cryptanalysis, advanced statistics and brute-force. Recent works also at- tempt to use algebraic tools to reduce the cryptanalysis of a block cipher algorithm to the resolution of a system of quadratic equations describing the ciphering structure. In our study, we will also use algebraic tools but in a new way: by using Boolean functions and their properties. A Boolean function is a function from Fn F with n > 1. The arguments of Boolean functions are binary words of length n. Any Boolean function 2 → 2 can be represented, uniquely, by its algebraic normal form which is an equation which only contains additions modulo 2—the XOR function—and multiplications modulo 2—the AND function. Our aim is to describe the AES algorithm as a set of Boolean functions then calculate their algebraic normal forms by using the Moe- bius transforms. After, we use a specific representation for these equations to facilitate their analysis and particularly to try a combinatorial analysis. Through this approach we obtain a new kind of equations system. 1 INTRODUCTION nately, these approaches are infeasible because of the difficulty of solving large systems of equations. The block cipher algorithms are a family of cipher al- We will also use algebraic tools but in a new way gorithms which use symmetric key and work on fixed by using Boolean functions and their properties.
    [Show full text]
  • New Techniques for Handling Quantifiers in Boolean and First
    IT Licentiate theses 2016-012 New Techniques for Handling Quantifiers in Boolean and First-Order Logic PETER BACKEMAN UPPSALA UNIVERSITY Department of Information Technology New Techniques for Handling Quantifiers in Boolean and First-Order Logic Peter Backeman [email protected] December 2016 Division of Computer Systems Department of Information Technology Uppsala University Box 337 SE-751 05 Uppsala Sweden http://www.it.uu.se/ Dissertation for the degree of Licentiate of Philosophy in Computer Science c Peter Backeman 2016 ISSN 1404-5117 Printed by the Department of Information Technology, Uppsala University, Sweden u Abstract The automation of reasoning has been an aim of research for a long time. Already in 17th century, the famous mathematician Leibniz invented a mechanical calculator capable of performing all four basic arithmetic operators. Although automatic reas- oning can be done in di↵erent fields, many of the procedures for automated reasoning handles formulas of first-order logic. Examples of use cases includes hardware verification, program analysis and knowledge representation. One of the fundamental challenges in first-order logic is hand- ling quantifiers and the equality predicate. On the one hand, SMT-solvers (Satisfiability Modulo Theories) are quite efficient at dealing with theory reasoning, on the other hand they have limited support for complete and efficient reasoning with quanti- fiers. Sequent, tableau and resolution calculi are methods which are used to construct proofs for first-order formulas, and can use more efficient techniques to handle quantifiers. Unfortunately, in contrast to SMT, handling theories is more difficult. In this thesis we investigate methods to handle quantifiers by re- stricting search spaces to finite domains, explorable in a system- atic manner.
    [Show full text]