Middle-Solving F4 to Compute Grobner bases for Cryptanalysis over GF(2)

TL;DR

This paper introduces Middle-Solving F4, an improved Grobner bases algorithm over GF(2) that enhances algebraic cryptanalysis by solving univariate polynomials during the process, leading to faster and more memory-efficient attacks.

Contribution

The paper presents a novel modification to the F4 algorithm, called Middle-Solving F4, which incorporates solving univariate polynomials to improve efficiency in cryptanalysis.

Findings

Middle-Solving F4 is faster than traditional F4.

It uses less memory during computation.

Effective on cryptographic polynomial systems.

Abstract

Algebraic cryptanalysis usually requires to recover the secret key by solving polynomial equations. Faugere's F4 is a well-known Grobner bases algorithm to solve this problem. However, a serious drawback exists in the Grobner bases based algebraic attacks, namely, any information won't be got if we couldn't work out the Grobner bases of the polynomial equations system. In this paper, we in-depth research the F4 algorithm over GF(2). By using S-polynomials to replace critical pairs and computing the normal form of the productions with respect to the field equations in certain steps, many "redundant" reductors are avoided during the computation process of the F4 algorithm. By slightly modifying the logic of F4 algorithm, we solve the univariate polynomials appeared in the algorithm and then back-substitute the values of the solved variables at each iteration of the algorithm. We call our improvements Middle-Solving F4. The heuristic strategy of Middle-Solving overcomes the drawback of algebraic attacks and well suits algebraic attacks. It has never been applied to the Grobner bases algorithm before. Experiments to some Hidden Field Equation instances and some classical benchmarks (Cyclic 6, Gonnet83) show that Middle-Solving F4 is faster and uses less memory than Faugere's F4.