Eliminating Variables in Boolean Equation Systems

TL;DR

This paper introduces two novel algorithms for eliminating auxiliary variables in Boolean equation systems related to cryptanalysis, maintaining a degree bound of 3 to manage computational complexity, and demonstrates their effectiveness on toy cipher models.

Contribution

The paper presents two new algorithms for variable elimination in Boolean systems that keep the degree at 3, improving efficiency in algebraic cryptanalysis.

Findings

Algorithms effectively eliminate variables while bounding degree at 3.

Application to toy ciphers shows practical viability.

Related to the well-known XL algorithm.

Abstract

Systems of Boolean equations of low degree arise in a natural way when analyzing block ciphers. The cipher's round functions relate the secret key to auxiliary variables that are introduced by each successive round. In algebraic cryptanalysis, the attacker attempts to solve the resulting equation system in order to extract the secret key. In this paper we study algorithms for eliminating the auxiliary variables from these systems of Boolean equations. It is known that elimination of variables in general increases the degree of the equations involved. In order to contain computational complexity and storage complexity, we present two new algorithms for performing elimination while bounding the degree at $3$, which is the lowest possible for elimination. Further we show that the new algorithms are related to the well known \emph{XL} algorithm. We apply the algorithms to a downscaled version of the LowMC cipher and to a toy cipher based on the Prince cipher, and report on experimental results pertaining to these examples.