Highest Voted 'algebraic-attack' Questions - Cryptography Stack Exchange

26

votes

4 answers

How Brittle Are LCG-Cracking Techniques?

There are published techniques for cracking LCGs, but to my eye those techniques seem very brittle — very minor changes can add nonlinearity that renders techniques like the LLL algorithm unusable. Or, am I mistaken, are these variations still…

asked Nov 27 '14 at 01:57

Charphacy

546
4
10

15

votes

4 answers

Generate ANF from SBox

Given an SBox, how can I generate its component equations (in ANF)? For example, let's say I have this SBox: 6, 4, 7, 8, 0, 5, 2, 10, 14, 3, 13, 1, 12, 15, 9, 11 Then, the equations are: $y_0 = x_1 \oplus x_0x_1 \oplus x_0x_2 \oplus x_1x_2 \oplus…

s-boxes algebraic-attack

asked Jun 04 '17 at 04:07

hola

613
6
23

15

votes

2 answers

Why is there an enormous difference between SAT solvers?

SAT solvers are very important in algebraic attacks, for example walksat and minisat. However, when solving the benchmark problems available here there is an enormous performance difference between the two - Walksat is much faster than minisat for…

algebraic-attack

asked Jul 17 '11 at 14:47

ir01

4,092
3
22
31

12

votes

1 answer

XSL on serpent and rijndael - which is most affected?

So I've often looked at serpent and thought it was a very strong contender in AES. Not so long ago I was looking for evidence as to why it didn't beat rijndael. So far, the closest I've got answering that is this: The 32 rounds means that Serpent…

aes block-cipher algebraic-attack serpent

asked Jul 26 '11 at 17:27

user46

11

votes

2 answers

Evaluating Algebraic Complexity of a S-box

While studying the design and the desirable properties of an AES S-box , I came to know that Algebraic Complexity is also an important property of an S-box which is usually considered while evaluating the properties of an S-box. After reading…

aes s-boxes algebraic-attack

asked Feb 14 '15 at 16:58

m2n

111
5

9

votes

1 answer

Small subgroup confinement attack on Diffie-Hellman

I am trying to understand the small subgroup confinement attack on the Diffie-Hellman algorithm. I will present the attack and try to explain why it works. Small subgroup confinement attack on the Diffie-Hellman algorithm Let $\mathbb{Z}_p^*$ be a…

cryptanalysis diffie-hellman key-exchange algebraic-attack

asked Aug 19 '15 at 15:42

Raoul722

3,003
3
23
42

7

votes

1 answer

Is SHA-1 still practically secure under specific scenarios?

It is conjectured that SHA-1 has been broken from the "research" perspective, but not in the real world; that is, there exists an algebraic attack that explores weaknesses on its algebraic construction. The same happens for MD5, but MD5 has been…

hash collision-resistance sha-1 algebraic-attack

asked Feb 27 '13 at 18:14

curious

6,280
6
34
48

7

votes

2 answers

Are there any tools for expressing the cipher operations as a system of equations?

The first step In Algebraic-attack is expressing the cipher operations as a system of equations. Is there an automated tool to do this?

cryptanalysis algebraic-attack

asked Jul 14 '11 at 14:09

ir01

4,092
3
22
31

6

votes

1 answer

How do you find the inverse degree of a hash function?

I am trying to learn cryptanalysis on the Keccak hash function. One of the papers on zero sum distinguishers talks about Keccak having inverse degree of 3. I am unable to figure this out: how do you get an inverse degree of 3? For example one of the…

hash keccak algebraic-attack

asked Jun 25 '13 at 22:45

Soham

255
1
5

5

votes

2 answers

Determine complexity of a SAT problem

Is there a standard way to determine a complexity of the specified SAT problem? I'm researching algebraic cryptanalysis and came to solving multivariate quadratic equation systems using CryptoMiniSat. However it would be nice to evaluate a…

algebraic-attack sat

asked May 13 '12 at 19:02

rkiyanchuk

383
2
9

4

votes

2 answers

DSA signatures with related k and unknown payloads

Suppose that we are given DSA parameters $p$, $q$, $g$, a public key $y = g^x$, and two signatures $(r_1,s_1)$ and $(r_2,s_2)$. We are told that $(r_1,s_1)$ and $(r_2,s_2)$ were produced by related nonces $k_1 = k$ and $k_2 = k+1$, but we do not…

dsa algebraic-attack

asked Apr 04 '13 at 20:34

Gilles 'SO- stop being evil'

20,442
4
54
97

4

votes

1 answer

Attack on DSA with signatures made with k, k+1, k+2

For homework, I'm asked to find the private key, $x$, in a DSA digital signature scheme. In the particular instance, we are given the parameters $p$, $q$ and $g$, the public key $g^x$, 3 messages $(m_1, m_2, m_3)$, their hash values $(H(m_1),…

known-plaintext-attack dsa algebraic-attack

asked Apr 04 '13 at 17:03

user1136342

459
1
5
10

4

votes

2 answers

What is linearization attack

I know that In cryptography, the linearization attack is a method of cryptanalysis for block ciphers I am looking for an example of linearization attack couldn't find it online Could anyone please explain it with an example?

cryptanalysis algebraic-attack

asked Oct 28 '19 at 14:49

Sachin Yadav

4

votes

0 answers

Solving not so much overdetermined system of multivariate polynomial equations

I'm studying algorithms solving multivariate equations. I'm stuck in solving overdetermined set of quadratic equations. Concretely, with the number $n$ of variables, the number of equations is $m=\epsilon n^2$. If $\epsilon\geq 1/2$, it is known…

cryptanalysis finite-field algebraic-attack multivariate-cryptography

asked Jun 19 '19 at 09:07

wooa0923

173
5

4

votes

0 answers

Сryptanalysis of Hill's method

The brutal ciphertext is given. The text volume is more than 6000 characters. It is known that the text is encrypted with a 7x7 matrix. Unknown key and plaintext. Is it possible to crack this code? Russian alphabet. The vector is recalculated modulo…

encryption classical-cipher algebraic-attack

asked Dec 13 '17 at 19:42

DisplayName

141
3

Questions tagged [algebraic-attack]