-
Solving Modular Linear Systems with a Constraint by parallel decomposition of the Smith form and extended Euclidean division modulo powers of prime divisors
Authors:
Virendra Sule
Abstract:
Integral linear systems $Ax=b$, with integer matrices $A$, $b$ and solutions $x$ that are also required to be integers, can be solved using the invariant factors of $A$ (by computing the Smith Canonical Form of $A$). This paper explores a new problem which arises in applications, that of obtaining conditions for solving the Modular Linear System $Ax=b \bmod n$, given $A,b$ over $\mathbb{Z}_n$, for $x$ in $\mathbb{Z}_n$ along with the constraint that the value of the linear function $\varphi(x)=\langle w,x\rangle$ is coprime to $n$ for some solution $x$. In this paper we develop a decomposition of the system into coprime moduli $p^{r(p)}$ which are divisors of $n$ and show how such a decomposition simplifies the computation of the Smith form. This extends the well known index calculus method of computing the discrete logarithm, where the moduli over which the linear system is reduced were assumed to be prime (to solve the reduced systems over prime fields), to the case when the factors of the modulus are prime powers $p^{r(p)}$. It is shown how this problem can be addressed efficiently using the invariant factors and Smith form of the augmented matrix $[A,-p^{r(p)}I]$ and conditions modulo $p$ satisfied by $w$, where $p^{r(p)}$ varies over all divisors of $n$ with $p$ prime.
Submitted 27 March, 2025; v1 submitted 13 March, 2025;
originally announced March 2025.
-
Polynomial Complexity of Inversion of sequences and Local Inversion of Maps
Authors:
Virendra Sule
Abstract:
This paper defines and explores the solution to the problem of \emph{Inversion of a finite Sequence} over the binary field, that of finding a prefix element of the sequence which conforms to a \emph{Recurrence Relation} (RR) rule defined by a polynomial and satisfied by the sequence. The minimum number of variables (order) in a polynomial of a fixed degree defining RRs is termed the \emph{Polynomial Complexity} of the sequence at that degree, while the minimum number of variables of such polynomials at a fixed degree which also result in a unique prefix to the sequence and maximum rank of the matrix of evaluation of its monomials is called the \emph{Polynomial Complexity of Inversion} at the chosen degree. Solutions of this problem yield solutions to the problem of \emph{Local Inversion} of a map $F:\mathbb{F}_2^n\rightarrow\mathbb{F}_2^n$ at a point $y$ in $\mathbb{F}_2^n$, that of solving for $x$ in $\mathbb{F}_2^n$ from the equation $y=F(x)$. Local inversion of maps has important applications which provide value to this theory. In previous work it was shown that the minimal order \emph{Linear Recurrence Relation} (LRR) satisfied by the sequence, known as the \emph{Linear Complexity} (LC) of the sequence, gives a unique solution to the inversion when the sequence is a part of a periodic sequence. This paper explores an extension of this theory for solving the inversion problem by considering \emph{Non-linear Recurrence Relations} defined by polynomials of a fixed degree $>1$ and satisfied by the sequence. The minimal order of polynomials satisfied by a sequence is well known as the non-linear complexity (defining a Feedback Shift Register of smallest order which determines the sequence by RRs) and is called the \emph{Maximal Order Complexity} (MOC) of the sequence. However, unlike the LC, there is no unique polynomial recurrence relation at any degree.
Submitted 27 June, 2024;
originally announced June 2024.
-
Word Linear Complexity of sequences and Local Inversion of maps over finite fields
Authors:
Virendra Sule
Abstract:
This paper develops the notion of \emph{Word Linear Complexity} ($WLC$) of vector valued sequences over finite fields $\mathbb{F}$ as an extension of the Linear Complexity ($LC$) of sequences and their ensembles. This notion of complexity extends the concept of the minimal polynomial of an ensemble (vector valued) sequence to that of a matrix minimal polynomial and shows that the matrix minimal polynomial can be used with vector valued sequences generated iteratively by maps $F:\mathbb{F}^n\rightarrow\mathbb{F}^n$ at a given $y$ in $\mathbb{F}^n$ for solving for the unique local inverse $x$ of the equation $y=F(x)$ when the sequence is periodic. The idea of solving a local inverse of a map over finite fields when the iterative sequence is periodic, and its application to various problems of Cryptanalysis, is developed in previous papers \cite{sule322, sule521, sule722,suleCAM22} using the well known notion of $LC$ of sequences. $LC$ is the degree of the associated minimal polynomial of the sequence. The generalization of $LC$ to $WLC$ considers vector valued (or word oriented) sequences such that the word oriented recurrence relation is obtained by matrix-vector multiplication instead of the scalar multiplication considered in the definition of $LC$. Hence the associated minimal polynomial is matrix valued, and its degree is called $WLC$. A condition is derived under which a nontrivial matrix polynomial associated with the word oriented recurrence relation exists when the sequence is periodic. It is shown that when the matrix minimal polynomial exists, $n(WLC)=LC$. Finally it is shown that the local inversion problem is solved using the matrix minimal polynomial when such a polynomial exists, which hence leads to a word oriented approach to local inversion.
Submitted 11 November, 2023;
originally announced November 2023.
-
Deciding One to One property of Boolean maps: Condition and algorithm in terms of implicants
Authors:
Virendra Sule
Abstract:
This paper addresses the computational problem of deciding invertibility (or one-to-one-ness) of a Boolean map $F$ in $n$ Boolean variables. This problem is a special case of deciding invertibility of a map $F:\mathbb{F}_{q}^n\rightarrow\mathbb{F}_{q}^n$ over the finite field $\mathbb{F}_q$ for $q=2$. The algebraic condition for invertibility of $F$ is well known to be equivalent to invertibility of the Koopman operator of $F$, as shown in \cite{RamSule}. In this paper a condition for invertibility is derived in the special case of Boolean maps $F:B_0^n\rightarrow B_0^n$, where $B_0$ is the two element Boolean algebra, in terms of \emph{implicants} of the Boolean equations defined by the map. This condition is then extended to the case of general maps in $n$ variables and $m\geq n$ equations. Hence this condition answers the special case of invertibility of maps $F$ defined over the binary field $\mathbb{F}_2$ alternatively, in terms of implicants instead of the Koopman operator. The problem of deciding invertibility of a map $F$ (or that of finding its Garden of Eden (GOE)) over finite fields is distinct from the satisfiability problem (SAT) or the problem of deciding consistency of polynomial equations over finite fields. Hence the well known algorithms for deciding SAT, or for solvability using a Gröbner basis to check membership in an ideal generated by polynomials, are not known to answer the question of invertibility of a map. Similarly it appears that algorithms for satisfiability or polynomial solvability are not useful for computation of the GOE of $F$, even for maps over the binary field $\mathbb{F}_2$.
Submitted 12 May, 2025; v1 submitted 15 July, 2023;
originally announced July 2023.
-
Local Inversion of maps: Black box Cryptanalysis
Authors:
Virendra Sule
Abstract:
This paper is a short summary of results announced in a previous paper on a new universal method for Cryptanalysis which uses a Black Box linear algebra approach to the computation of local inversion of nonlinear maps over finite fields. It is shown that one local inverse $x$ of the map equation $y=F(x)$ can be computed by using the minimal polynomial of the sequence $y(k)$ defined by the iterates (or recursion) $y(k+1)=F(y(k))$ with $y(0)=y$ when the sequence is periodic. This is the only solution in the periodic orbit of the map $F$. Further, when the degree of the minimal polynomial is of polynomial order in the number of bits of the input of $F$ (called the low complexity case), the solution can be computed in polynomial time. The method of computation only uses the forward computations $F(y)$ for given $y$, which is why this is called a Black Box approach. Application of this approach is then shown for cryptanalysis of several maps arising in cryptographic primitives. It is shown how, in the low complexity cases, maps defined by block and stream ciphers can be inverted to find the symmetric key under a known plaintext attack. Then it is shown how the RSA map can be inverted to find the plaintext as well as an equivalent private key to break the RSA algorithm without factoring the modulus. Finally it is shown that the discrete log computation in finite fields and elliptic curves can be formulated as a local inversion problem and that the low complexity cases can be solved in polynomial time.
Submitted 24 July, 2022; v1 submitted 7 July, 2022;
originally announced July 2022.
-
Local inversion of maps: A new attack on Symmetric encryption, RSA and ECDLP
Authors:
Virendra Sule
Abstract:
This paper presents algorithms for local inversion of maps and shows how several important computational problems, such as cryptanalysis of symmetric encryption algorithms, the RSA algorithm and solving the elliptic curve discrete log problem (ECDLP), can be addressed as local inversion problems. The methodology is termed the \emph{Local Inversion Attack}. It utilizes the concept of \emph{Linear Complexity} (LC) of a recurrence sequence generated by the map defined by the cryptanalysis problem and the given data. It is shown that when the LC of the recurrence is bounded by a polynomial in the bit length of the input to the map, the local inversion can be accomplished in polynomial time. Hence an incomplete local inversion algorithm which searches for a solution within a specified bound on computation can estimate the density of weak cases of cryptanalysis defined by such data causing low LC. Such cases can happen accidentally but cannot be avoided in practice, and are fatal insecurity flaws of cryptographic primitives which are wrongly assumed to be secure on the basis of exponential average case complexity. An incomplete algorithm is proposed for solving problems such as key recovery of symmetric encryption algorithms, decryption of RSA ciphertext without factoring the modulus, decrypting any ciphertext of RSA given one plaintext-ciphertext pair created with the same public key in a chosen ciphertext attack, and solving the discrete logarithm on elliptic curves over finite fields (ECDLP) as local inversion problems. It is shown that when the LCs of the respective recurrences for the given data are small, solutions of these problems are possible in practically feasible time and memory resources.
Submitted 6 March, 2022; v1 submitted 14 February, 2022;
originally announced February 2022.
-
A Complete algorithm for local inversion of maps: Application to Cryptanalysis
Authors:
Virendra Sule
Abstract:
For a map (function) $F(x):\mathbb{F}_2^n\rightarrow\mathbb{F}_2^n$ and a given $y$ in the image of $F$, the problem of \emph{local inversion} of $F$ is to find all inverse images $x$ in $\mathbb{F}_2^n$ such that $y=F(x)$. In Cryptology, such a problem arises in the Cryptanalysis of One Way Functions (OWFs). The well known TMTO attack in Cryptanalysis is a probabilistic algorithm for computing one solution of local inversion using $O(\sqrt N)$ order computation offline as well as online, for $N=2^n$. This paper proposes a complete algorithm for solving the local inversion problem which uses linear complexity for a unique solution in a periodic orbit. The algorithm is shown to require an offline computation to solve a hard problem (possibly requiring exponential computation) and an online computation dependent on $y$, that of repeated forward evaluation $F(x)$ on points $x$ in $\mathbb{F}_{2^n}$, which is polynomial time at each evaluation. However, the forward evaluation is repeated at most as many times as the Linear Complexity of the sequence $\{y,F(y),\ldots\}$ to get one possible solution when this sequence is periodic. All other solutions are obtained in chains $\{e,F(e),\ldots\}$ for all points $e$ in the Garden of Eden (GOE) of the map $F$. Hence a solution $x$ exists iff either the former sequence is periodic or a solution occurs in a chain starting from a point in the GOE. The online computation then turns out to be polynomial time $O(L^k)$ in the linear complexity $L$ of the sequence to compute one possible solution in a periodic orbit, or $O(l)$ in the chain length $l$ for a fixed $n$. Hence this is a complete algorithm for solving the problem of finding all rational solutions $x$ of the equation $F(x)=y$ for a given $y$ and a map $F$ over $\mathbb{F}_{2^n}$.
Submitted 21 January, 2022; v1 submitted 15 May, 2021;
originally announced May 2021.
-
On Linear Representation, Complexity and Inversion of maps over finite fields
Authors:
Ramachandran Anantharaman,
Virendra Sule
Abstract:
This paper defines a linear representation for nonlinear maps $F:\mathbb{F}^n\rightarrow\mathbb{F}^n$, where $\mathbb{F}$ is a finite field, in terms of matrices over $\mathbb{F}$. This linear representation of the map $F$ associates a unique number $N$ and a unique matrix $M$ in $\mathbb{F}^{N\times N}$, called the Linear Complexity and the Linear Representation of $F$ respectively, and shows that the compositional powers $F^{(k)}$ are represented by the matrix powers $M^k$. It is shown that for a permutation map $F$ with representation $M$, the inverse map has the linear representation $M^{-1}$. This framework of representation is extended to a parameterized family of maps $F_\lambda(x): \mathbb{F} \to \mathbb{F}$, defined in terms of a parameter $\lambda\in \mathbb{F}$, leading to the definition of an analogous linear complexity of the map $F_\lambda(x)$ and a parameter-dependent matrix representation $M_\lambda$ defined over the univariate polynomial ring $\mathbb{F}[\lambda]$. Such a representation leads to the construction of a parametric inverse of such maps, where the condition for invertibility is expressed through the unimodularity of this matrix representation $M_\lambda$. Apart from computing the compositional inverses of permutation polynomials, this linear representation is also used to compute the cycle structure of the permutation map. Lastly, this representation is extended to a representation of the cyclic group generated by a permutation map $F$, and to the group generated by a finite number of permutation maps over $\mathbb{F}$.
Submitted 2 April, 2024; v1 submitted 26 October, 2020;
originally announced October 2020.
-
Implicant based parallel all solution solver for Boolean satisfiability
Authors:
Virendra Sule
Abstract:
This paper develops a parallel computational solver for computing all satisfying assignments of a Boolean system of equations defined by Boolean functions of several variables. While there are well known solvers for satisfiability of Boolean formulas in CNF form, these are designed primarily for deciding satisfiability of the formula and do not address the problem of finding all satisfying solutions. Moreover, the development of parallel solvers for satisfiability problems is still an unfinished problem of Computer Science. The solver proposed in this paper is aimed at representing all solutions of Boolean formulas, even without the CNF form, with a parallel algorithm. The algorithm proposed is applied to Boolean functions in algebraic normal form (ANF). The algorithm is based on the idea of representing the satisfying assignments in terms of a complete set of implicants of the Boolean functions appearing as factors of a Boolean formula. The algorithm is effective mainly in the case when the factors of the formula are sparse (i.e. involve a small fraction of the total number of variables). This allows a small computation of a complete set of implicants of individual factors one at a time and reduces the formula at each step. An algorithm is also proposed for finding a complete set of orthogonal implicants of functions in ANF. An advantage of this algorithm is that all solutions can be represented compactly in terms of implicants. Finally, due to the small and distributed computation at every step as well as computation in terms of independent threads, the solver proposed in this paper is expected to be useful for developing heuristics for a well scalable parallel solver for large size problems of Boolean satisfiability over a large number of processors.
Submitted 6 February, 2017; v1 submitted 29 November, 2016;
originally announced November 2016.
-
Projective cofactor decompositions of Boolean functions and the satisfiability problem
Authors:
Madhav Desai,
Virendra Sule
Abstract:
Given a CNF formula $F$, we present a new algorithm for deciding the satisfiability (SAT) of $F$ and computing all satisfying assignments. The algorithm is based on the concept of \emph{cofactors} known in the literature. This paper is a fallout of the previous work by the authors on Boolean satisfiability \cite{sul1, sul2,sude}; however, the algorithm is essentially independent of the orthogonal expansion concept on which the previous papers were based. The algorithm selects a single concrete cofactor recursively by projecting the search space to the set which satisfies a CNF in the formula. This cofactor is called the \emph{projective cofactor}. The advantage of such a computation is that it recursively decomposes the satisfiability problem into independent sub-problems at every selection of a projective cofactor. This leads to a parallel algorithm for deciding satisfiability and computing all solutions of a satisfiable formula.
Submitted 7 May, 2017; v1 submitted 15 March, 2016;
originally announced March 2016.
-
Generalized cofactors and decomposition of Boolean satisfiability problems
Authors:
Madhav Desai,
Virendra Sule
Abstract:
We propose an approach for decomposing Boolean satisfiability problems while extending recent results of \cite{sul2} on solving Boolean systems of equations. Developments in \cite{sul2} were aimed at the expansion of functions $f$ in orthonormal (ON) sets of base functions as a generalization of the Boole-Shannon expansion and the derivation of the consistency condition for the equation $f=0$ in terms of the expansion coefficients. In this paper, we further extend the Boole-Shannon expansion over an arbitrary set of base functions and derive the consistency condition for $f=1$. The generalization of the Boole-Shannon formula presented in this paper is in terms of \emph{cofactors} as coefficients with respect to a set of CNFs, called a \emph{base}, which appear in a given Boolean CNF formula itself. This approach results in a novel parallel algorithm for the decomposition of a CNF formula and the computation of all satisfying assignments, when they exist, by using the given data set of CNFs itself as the base.
Submitted 7 December, 2014;
originally announced December 2014.
-
An algorithm for Boolean satisfiability based on generalized orthonormal expansion
Authors:
Virendra Sule
Abstract:
This paper proposes an algorithm for deciding consistency of systems of Boolean equations in several variables with coefficients in the two element Boolean algebra $B_{0}=\{0,1\}$ and finding all satisfying assignments. The algorithm is based on the application of a well known generalized Boole-Shannon orthonormal (ON) expansion of Boolean functions. A necessary and sufficient consistency condition for a special class of functions was developed in \cite{sule} using such an expansion. Paper \cite{sule} develops a condition for consistency of the equation $f(X)=0$ for the special classes of Boolean functions 1) $f$ in $B(\Phi(X))$ for an ON set $\Phi$ of Boolean functions in $X$ over a general Boolean algebra $B$ and 2) $f$ in $B(X_{2})(\Phi(X_{1}))$. The present paper addresses the problem of obtaining the consistency conditions for arbitrary Boolean functions in $B_{0}(X)$. Next, the consistency of a single equation is shown to be equivalent to another system of Boolean equations which involves the ON functions and characterizes all solutions. This result is then extended to Boolean systems in several variables over the algebra $B_{0}=\{0,1\}$ without converting the system into a single equation. This condition leads to the algorithm for computing all solutions of the Boolean system, and hence determining satisfiability, without using analogous resolution. For special systems defined by CNF formulas this algorithm results in an extension of the DPLL algorithm in which the \emph{splitting rule} is generalized to several variables in terms of ON terms, in the sense that splitting of a CNF set in a single variable $x$ is equivalent to the ON terms $x,x'$.
Submitted 15 July, 2014; v1 submitted 18 June, 2014;
originally announced June 2014.
-
Generalization of Boole-Shannon expansion, consistency of Boolean equations and elimination by orthonormal expansion
Authors:
Virendra Sule
Abstract:
The well known Boole-Shannon expansion of Boolean functions in several variables (with coefficients in a Boolean algebra $B$) is also known in a more general form in terms of expansion in a set $\Phi$ of orthonormal functions. However, unlike the one variable step of this expansion, an analogous elimination theorem and consistency condition are not well known. This article proves such an elimination theorem for a special class of Boolean functions denoted $B(\Phi)$. When the orthonormal set $\Phi$ is of polynomial size in the number $n$ of variables, the consistency of a Boolean equation $f=0$ can be determined in a polynomial number of $B$-operations. A characterization of $B(\Phi)$ is also shown and an elimination based procedure for computing consistency of Boolean equations is proposed.
Submitted 4 December, 2013; v1 submitted 11 June, 2013;
originally announced June 2013.