Search for linearizing sets in algebraic cryptanalysis as a problem of pseudo-boolean optimization | Applied Discrete Mathematics. Supplement. 2019. № 12. DOI: 10.17223/2226308X/12/38

Search for linearizing sets in algebraic cryptanalysis as a problem of pseudo-boolean optimization

The paper introduces the concept of linearizing sets that can be considered as a generalization of known linearization sets. Linearization sets are used in algebraic attacks related to the class of guess-and-determine attacks. The idea of such attacks is to guess values of variables from a certain set and then to substitute them into a system of algebraic equations that connects the input and output data of the cipher under consideration. In some cases, the result of such procedure is a linear system that can be solved effectively. In the present paper, we consider algebraic equations over the field GF(2). The values of variables from the linearizing set (as opposed to the linearization set) linearize the system of equations with a certain probability, which, generally speaking, can be substantially less than 1. The complexity estimation for guess-and-determine attack based on a particular linearizing set is constructed using a specially defined pseudo-Boolean function. The minimum value of this function gives a complexity estimation for the attack with best efficiency. To minimize such functions, a metaheuristic algorithm from the class of tabu search algorithms is used. At the current stage, attacks of the described type are built for some cryptographic generators. In particular, for the well-known A5/1 generator, the presented method allows to construct a guess-and-determine attack which complexity is 4.5 times lower than the complexity of Anderson's attack.

Download file

Counter downloads: 140

Keywords

атаки из класса «угадывай и определяй», линеаризующие множества, псевдобулева оптимизация, guess-and-determine attacks, linearizing sets, pseudo-Boolean optimization

Authors

Name	Organization	E-mail
Semenov A. A.	Institute of System Dynamics and Control Theory named after V. M. Matrosova	biclop.rambler@yandex.ru
Antonov K. V.	Irkutsk State University	aknitr@mail.ru
Otpuschennikov I. V.	Institute of System Dynamics and Control Theory named after V. M. Matrosova	otilya@yandex.ru

Всего: 3

References

Агибалов Г. П. Логические уравнения в криптоанализе генераторов ключевого потока // Вестник Томского госуниверситета. Приложение. 2003. №6. С. 31-41.

Bard G. Algebraic Cryptanalysis. Springer Publishing Company, Inc., 2009.

Goldreich O. Computational Complexity: A Conceptual Perspective. Cambridge: Cambridge University Press, 2008.

Чень Ч., Ли Р. Математическая логика и автоматическое доказательство теорем. М.: Наука, 1983.

Semenov A., Zaikin O., Otpuschennikov I., et al. On cryptographic attacks using backdoors for SAT // Thirty-Second AAAI Conf., 2018. P. 6641-6648. https://arxiv.org/abs/1803. 04646.

Metropolis N. and Ulam S. The Monte Carlo method // J. Amer. Statistical Association. 1949. V. 44. No. 247. P. 335-341.

Boros E. and Hammer P. Pseudo-Boolean optimization // Discr. Appl. Math. 2002. V. 123, Iss. 1-3. P. 155-225.

Glover F. and Laguna M. Tabu Search. Norwell: Kluwer Academic Publishers, 1997.

ЦКП Иркутский суперкомпьютерный центр СО РАН. http://hpc.icc.ru

Отпущенников И. В., Семенов А. А. Технология трансляции комбинаторных проблем в булевы уравнения // Прикладная дискретная математика. 2011. №1(11). С. 96-115.

Otpuschennikov I., Semenov A, Gribanova I., et al. Encoding cryptographic functions to SAT using TRANSALG system // Frontiers in Artificial Intelligence and Applications. 2016. V. 285. P. 1594-1595.

Anderson R. A5 (Was: Hacking digital phones). Newsgroup Communication. 1994. http: //yarchive.net/phone/gsmcipher.html.