A combinatorial problem related to sparse systems of equations

Peter Horak, Igor Semaev, Z. Tuza

Research output: Contribution to journal › Article

Abstract

Nowadays sparse systems of equations occur frequently in science and engineering. In this contribution we deal with sparse systems common in cryptanalysis. Given a cipher system, one converts it into a system of sparse equations, and then the system is solved to retrieve either a key or a plaintext. Raddum and Semaev proposed new methods for solving such sparse systems common in modern ciphers which are combinations of linear layers and small S-boxes. It turns out that the solution of a combinatorial MaxMinMax problem provides an upper bound on the average computational complexity of those methods. In this paper we initiate the study of a linear algebra variation of the MaxMinMax problem. The complexity bound proved in this paper significantly overcomes conjectured complexity bounds for Gröbner basis type algorithms.

Original language: English
Pages (from-to): 1-16
Number of pages: 16
Journal: Designs, Codes, and Cryptography
Publication status: Accepted/In press - Nov 2 2016

Fingerprint

Linear algebra
Combinatorial Problems
System of equations
Computational complexity
Average Complexity
S-box
Cryptanalysis
Convert
Upper bound
Engineering

Keywords

  • Gluing algorithm
  • MaxMinMax problem
  • Sparse systems of equations

ASJC Scopus subject areas

  • Computer Science Applications
  • Applied Mathematics

Cite this

A combinatorial problem related to sparse systems of equations. / Horak, Peter; Semaev, Igor; Tuza, Z.

In: Designs, Codes, and Cryptography, 02.11.2016, p. 1-16.


@article{3e53c982316c48d9ba437fdcd2e4d05f,
title = "A combinatorial problem related to sparse systems of equations",
abstract = "Nowadays sparse systems of equations occur frequently in science and engineering. In this contribution we deal with sparse systems common in cryptanalysis. Given a cipher system, one converts it into a system of sparse equations, and then the system is solved to retrieve either a key or a plaintext. Raddum and Semaev proposed new methods for solving such sparse systems common in modern ciphers which are combinations of linear layers and small S-boxes. It turns out that the solution of a combinatorial MaxMinMax problem provides an upper bound on the average computational complexity of those methods. In this paper we initiate the study of a linear algebra variation of the MaxMinMax problem. The complexity bound proved in this paper significantly overcomes conjectured complexity bounds for Gr{\"o}bner basis type algorithms.",
keywords = "Gluing algorithm, MaxMinMax problem, Sparse systems of equations",
author = "Peter Horak and Igor Semaev and Z. Tuza",
year = "2016",
month = "11",
day = "2",
doi = "10.1007/s10623-016-0294-4",
language = "English",
pages = "1--16",
journal = "Designs, Codes, and Cryptography",
issn = "0925-1022",
publisher = "Springer Netherlands",

}

TY - JOUR
T1 - A combinatorial problem related to sparse systems of equations
AU - Horak, Peter
AU - Semaev, Igor
AU - Tuza, Z.
PY - 2016/11/2
Y1 - 2016/11/2

N2 - Nowadays sparse systems of equations occur frequently in science and engineering. In this contribution we deal with sparse systems common in cryptanalysis. Given a cipher system, one converts it into a system of sparse equations, and then the system is solved to retrieve either a key or a plaintext. Raddum and Semaev proposed new methods for solving such sparse systems common in modern ciphers which are combinations of linear layers and small S-boxes. It turns out that the solution of a combinatorial MaxMinMax problem provides an upper bound on the average computational complexity of those methods. In this paper we initiate the study of a linear algebra variation of the MaxMinMax problem. The complexity bound proved in this paper significantly overcomes conjectured complexity bounds for Gröbner basis type algorithms.

AB - Nowadays sparse systems of equations occur frequently in science and engineering. In this contribution we deal with sparse systems common in cryptanalysis. Given a cipher system, one converts it into a system of sparse equations, and then the system is solved to retrieve either a key or a plaintext. Raddum and Semaev proposed new methods for solving such sparse systems common in modern ciphers which are combinations of linear layers and small S-boxes. It turns out that the solution of a combinatorial MaxMinMax problem provides an upper bound on the average computational complexity of those methods. In this paper we initiate the study of a linear algebra variation of the MaxMinMax problem. The complexity bound proved in this paper significantly overcomes conjectured complexity bounds for Gröbner basis type algorithms.

KW - Gluing algorithm
KW - MaxMinMax problem
KW - Sparse systems of equations
UR - http://www.scopus.com/inward/record.url?scp=84994201414&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84994201414&partnerID=8YFLogxK
U2 - 10.1007/s10623-016-0294-4
DO - 10.1007/s10623-016-0294-4
M3 - Article
AN - SCOPUS:84994201414
SP - 1
EP - 16
JO - Designs, Codes, and Cryptography
JF - Designs, Codes, and Cryptography
SN - 0925-1022
ER -