Local Inversion of maps: Black box Cryptanalysis

TL;DR

This paper introduces a black box linear algebra method for local inversion of nonlinear maps in finite fields, enabling cryptanalysis of cryptographic primitives like RSA and elliptic curves in certain cases.

Contribution

It presents a universal, polynomial-time approach for local inversion of nonlinear maps using minimal polynomials, applicable to cryptanalysis of various cryptographic schemes.

Findings

Inversion of block and stream ciphers under known plaintext attack.

RSA decryption and key recovery without factoring.

Polynomial-time solution for discrete log in specific cases.

Abstract

This paper is a short summery of results announced in a previous paper on a new universal method for Cryptanalysis which uses a Black Box linear algebra approach to computation of local inversion of nonlinear maps in finite fields. It is shown that one local inverse $x$ of the map equation $y=F(x)$ can be computed by using the minimal polynomial of the sequence $y(k)$ defined by iterates (or recursion) $y(k+1)=F(y(k))$ with $y(0)=y$ when the sequence is periodic. This is the only solution in the periodic orbit of the map $F$. Further, when the degree of the minimal polynomial is of polynomial order in number of bits of the input of $F$ (called low complexity case), the solution can be computed in polynomial time. The method of computation only uses the forward computations $F(y)$ for given $y$ which is why this is called a Black Box approach. Application of this approach is then shown for cryptanalysis of several maps arising in cryptographic primitives. It is shown how in the low complexity cases maps defined by block and stream ciphers can be inverted to find the symmetric key under known plaintext attack. Then it is shown how RSA map can be inverted to find the plaintext as well as an equivalent private key to break the RSA algorithm without factoring the modulus. Finally it is shown that the discrete log computation in finite field and elliptic curves can be formulated as a local inversion problem and the low complexity cases can be solved in polynomial time.