-
Oracle-Based Multistep Strategy for Solving Polynomial Systems Over Finite Fields and Algebraic Cryptanalysis of the Aradi Cipher
Authors:
La Scala Roberto,
Sharwan Kumar Tiwari
Abstract:
The multistep solving strategy consists in a divide-and-conquer approach: when a multivariate polynomial system is computationally infeasible to solve directly, one variable is assigned over the elements of the base finite field, and the procedure is recursively applied to the resulting simplified systems. In a previous work by the same authors (among others), this approach proved effective in the algebraic cryptanalysis of the Trivium cipher. In this paper, we present a new implementation of the corresponding algorithm based on a Depth-First Search strategy, along with a novel complexity analysis leveraging tree structures. We further introduce the notion of an "oracle function" as a general predictive tool for deciding whether the evaluation of a new variable is necessary to simplify the current polynomial system. This notion allows us to unify all previously proposed variants of the multistep strategy, including the classical hybrid approach, by appropriately selecting the oracle function. Finally, we apply the multistep solving strategy to the cryptanalysis of the low-latency block cipher Aradi, recently introduced by the NSA. We present the first full round algebraic attack, raising concerns about the cipher's actual security with respect to its key length.
Submitted 11 June, 2025;
originally announced June 2025.
-
A multistep strategy for polynomial system solving over finite fields and a new algebraic attack on the stream cipher Trivium
Authors:
Roberto La Scala,
Federico Pintore,
Sharwan K. Tiwari,
Andrea Visconti
Abstract:
In this paper we introduce a multistep generalization of the guess-and-determine or hybrid strategy for solving a system of multivariate polynomial equations over a finite field. In particular, we propose performing the exhaustive evaluation of a subset of variables stepwise, that is, by incrementing the size of such subset each time that an evaluation leads to a polynomial system which is possibly unfeasible to solve. The decision about which evaluation to extend is based on a preprocessing consisting in computing an incomplete Gröbner basis after the current evaluation, which possibly generates linear polynomials that are used to eliminate further variables. If the number of remaining variables in the system is deemed still too high, the evaluation is extended and the preprocessing is iterated. Otherwise, we solve the system by a complete Gröbner basis computation.
Having in mind cryptanalytic applications, we present an implementation of this strategy in an algorithm called MultiSolve which is designed for polynomial systems having at most one solution. We prove explicit formulas for its complexity which are based on probability distributions that can be easily estimated by performing the proposed preprocessing on a testset of evaluations for different subsets of variables. We prove that an optimal complexity of MultiSolve is achieved by using a full multistep strategy with a maximum number of steps and in turn the standard guess-and-determine strategy, which essentially is a strategy consisting of a single step, is the worst choice. Finally, we extensively study the behaviour of MultiSolve when performing an algebraic attack on the well-known stream cipher Trivium.
Submitted 5 June, 2024; v1 submitted 16 April, 2023;
originally announced April 2023.
-
An algebraic attack to the Bluetooth stream cipher E0
Authors:
Roberto La Scala,
Sergio Polese,
Sharwan K. Tiwari,
Andrea Visconti
Abstract:
In this paper we study the security of the Bluetooth stream cipher E0 from the viewpoint it is a "difference stream cipher", that is, it is defined by a system of explicit difference equations over the finite field GF(2). This approach highlights some issues of the Bluetooth encryption such as the invertibility of its state transition map, a special set of 14 bits of its 132-bit state which when guessed implies linear equations among the other bits and finally a small number of spurious keys, with 83 guessed bits, which are compatible with a keystream of about 60 bits. Exploiting these issues, we implement an algebraic attack using Gröbner bases, SAT solvers and Binary Decision Diagrams. Testing activities suggest that the version based on Gröbner bases is the best one and it is able to attack E0 in about 2^79 seconds on an Intel i9 CPU. To the best of our knowledge, this work improves any previous attack based on a short keystream, hence fitting with Bluetooth specifications.
Submitted 8 August, 2022; v1 submitted 4 January, 2022;
originally announced January 2022.
-
INRU: A Quasigroup Based Lightweight Block Cipher
Authors:
Sharwan K. Tiwari,
Ambrish Awasthi,
Sucheta Chakrabarti,
Sudha Yadav
Abstract:
In this paper, we propose a quasigroup based block cipher design. The round functions of the encryption and decryption algorithms use quasigroup based string transformations. We show the robustness of the design against the standard differential, linear and algebraic cryptanalytic attacks. We also provide detailed statistical analysis using NIST test suite in CBC, CFB, OFB, and CTR modes of operation. We compare the statistical experimental results with the AES-128 in the same setup and conclude that the randomizing ability of our algorithm is equivalent to that of AES-128.
Submitted 14 December, 2021;
originally announced December 2021.
-
Algebraic Properties of Subquasigroups and Construction of Cryptographically Suitable Finite Quasigroups
Authors:
V. A. Artamonov,
Sucheta Chakrabarti,
Sharwan K. Tiwari,
V. T. Markov
Abstract:
In this paper, we identify many important properties and develop criteria for the existence of subquasigroups in finite quasigroups. Based on these results, we propose an effective method that concludes the nonexistence of subquasigroup of a finite quasigroup, otherwise finds its all possible proper subquasigroups. This has an important application in checking the cryptographic suitability of a finite quasigroup.
Further, we propose a binary operation using arithmetic of finite fields to construct quasigroups of order $p^r$. We develop the criteria under which these quasigroups have desirable cryptographic properties, viz. polynomially completeness and possessing no proper subquasigroups. Then a practical method is given to construct cryptographically suitable quasigroups. We also illustrate these methods by some academic examples and implement all proposed algorithms in the computer algebra system Singular.
Submitted 10 December, 2021;
originally announced December 2021.
-
Stream/block ciphers, difference equations and algebraic attacks
Authors:
Roberto La Scala,
Sharwan K. Tiwari
Abstract:
In this paper we model a class of stream and block ciphers as systems of (ordinary) explicit difference equations over a finite field. We call this class "difference ciphers" and we show that ciphers of application interest, as for example systems of LFSRs with a combiner, Trivium and Keeloq, belong to the class. By using Difference Algebra, that is, the formal theory of difference equations, we can properly define and study important properties of these ciphers, such as their invertibility and periodicity. We describe then general cryptanalytic methods for difference ciphers that follow from these properties and are useful to assess the security. We illustrate such algebraic attacks in practice by means of the ciphers Bivium and Keeloq.
Submitted 23 August, 2021; v1 submitted 28 March, 2020;
originally announced March 2020.
-
Modular Techniques For Noncommutative Gröbner Bases
Authors:
Wolfram Decker,
Christian Eder,
Viktor Levandovskyy,
Sharwan K. Tiwari
Abstract:
In this note, we extend modular techniques for computing Gröbner bases from the commutative setting to the vast class of noncommutative $G$-algebras. As in the commutative case, an effective verification test is only known to us in the graded case. In the general case, our algorithm is probabilistic in the sense that the resulting Gröbner basis can only be expected to generate the given ideal, with high probability. We have implemented our algorithm in the computer algebra system Singular and give timings to compare its performance with that of other instances of Buchberger's algorithm, testing examples from $D$-module theory as well as classical benchmark examples. A particular feature of the modular algorithm is that it allows parallel runs.
Submitted 10 April, 2017;
originally announced April 2017.