### Abstract

Nowadays sparse systems of equations occur frequently in science and engineering. In this contribution we deal with sparse systems common in cryptanalysis. Given a cipher system, one converts it into a system of sparse equations, and then the system is solved to retrieve either a key or a plaintext. Raddum and Semaev proposed new methods for solving such sparse systems common in modern ciphers which are combinations of linear layers and small S-boxes. It turns out that the solution of a combinatorial MaxMinMax problem provides an upper bound on the average computational complexity of those methods. In this paper we initiate the study of a linear algebra variation of the MaxMinMax problem. The complexity bound proved in this paper significantly overcomes conjectured complexity bounds for Gröbner basis type algorithms.

Original language | English |
---|---|

Pages (from-to) | 1-16 |

Number of pages | 16 |

Journal | Designs, Codes, and Cryptography |

DOIs | |

Publication status | Accepted/In press - Nov 2 2016 |

### Fingerprint

### Keywords

- Gluing algorithm
- MaxMinMax problem
- Sparse systems of equations

### ASJC Scopus subject areas

- Computer Science Applications
- Applied Mathematics

### Cite this

*Designs, Codes, and Cryptography*, 1-16. https://doi.org/10.1007/s10623-016-0294-4

**A combinatorial problem related to sparse systems of equations.** / Horak, Peter; Semaev, Igor; Tuza, Z.

Research output: Contribution to journal › Article

*Designs, Codes, and Cryptography*, pp. 1-16. https://doi.org/10.1007/s10623-016-0294-4

}

TY - JOUR

T1 - A combinatorial problem related to sparse systems of equations

AU - Horak, Peter

AU - Semaev, Igor

AU - Tuza, Z.

PY - 2016/11/2

Y1 - 2016/11/2

N2 - Nowadays sparse systems of equations occur frequently in science and engineering. In this contribution we deal with sparse systems common in cryptanalysis. Given a cipher system, one converts it into a system of sparse equations, and then the system is solved to retrieve either a key or a plaintext. Raddum and Semaev proposed new methods for solving such sparse systems common in modern ciphers which are combinations of linear layers and small S-boxes. It turns out that the solution of a combinatorial MaxMinMax problem provides an upper bound on the average computational complexity of those methods. In this paper we initiate the study of a linear algebra variation of the MaxMinMax problem. The complexity bound proved in this paper significantly overcomes conjectured complexity bounds for Gröbner basis type algorithms.

AB - Nowadays sparse systems of equations occur frequently in science and engineering. In this contribution we deal with sparse systems common in cryptanalysis. Given a cipher system, one converts it into a system of sparse equations, and then the system is solved to retrieve either a key or a plaintext. Raddum and Semaev proposed new methods for solving such sparse systems common in modern ciphers which are combinations of linear layers and small S-boxes. It turns out that the solution of a combinatorial MaxMinMax problem provides an upper bound on the average computational complexity of those methods. In this paper we initiate the study of a linear algebra variation of the MaxMinMax problem. The complexity bound proved in this paper significantly overcomes conjectured complexity bounds for Gröbner basis type algorithms.

KW - Gluing algorithm

KW - MaxMinMax problem

KW - Sparse systems of equations

UR - http://www.scopus.com/inward/record.url?scp=84994201414&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84994201414&partnerID=8YFLogxK

U2 - 10.1007/s10623-016-0294-4

DO - 10.1007/s10623-016-0294-4

M3 - Article

AN - SCOPUS:84994201414

SP - 1

EP - 16

JO - Designs, Codes, and Cryptography

JF - Designs, Codes, and Cryptography

SN - 0925-1022

ER -