863 research outputs found
Eliminating Variables in Boolean Equation Systems
Systems of Boolean equations of low degree arise in a natural way when
analyzing block ciphers. The cipher's round functions relate the secret key to
auxiliary variables that are introduced by each successive round. In algebraic
cryptanalysis, the attacker attempts to solve the resulting equation system in
order to extract the secret key. In this paper we study algorithms for
eliminating the auxiliary variables from these systems of Boolean equations. It
is known that elimination of variables in general increases the degree of the
equations involved. In order to contain computational complexity and storage
complexity, we present two new algorithms for performing elimination while
bounding the degree at , which is the lowest possible for elimination.
Further we show that the new algorithms are related to the well known XL
algorithm. We apply the algorithms to a downscaled version of the LowMC cipher
and to a toy cipher based on the Prince cipher, and report on experimental
results pertaining to these examples. Comment: 21 pages, 3 figures, Journal paper
On the computation of coset leaders with high Hamming weight
The Newton radius of a code is the largest weight of a uniquely correctable error. The covering radius is the largest distance between a vector and the code. In this paper, we use the modular representation of a linear code to give an efficient algorithm for computing coset leaders of relatively high Hamming weight. The weights of these coset leaders serve as lower bounds on the Newton radius and the covering radius for linear codes.
A Practical Adaptive Key Recovery Attack on the LGM (GSW-like) Cryptosystem
Under embargo until: 2022-07-15. We present an adaptive key recovery attack on the leveled homomorphic encryption scheme suggested by Li, Galbraith and Ma (Provsec 2016), which itself is a modification of the GSW cryptosystem designed to resist key recovery attacks by using a different linear combination of secret keys for each decryption. We were able to efficiently recover the secret key for a realistic choice of parameters using a statistical attack. In particular, this means that the Li, Galbraith and Ma strategy does not prevent adaptive key recovery attacks.
Cryptanalysis of the multivariate encryption scheme EFLASH
Post-Quantum Cryptography studies cryptographic algorithms that quantum computers cannot break. Recent advances in quantum computing have made this kind of cryptography necessary, and research in the field has surged over the last years as a result. One of the main families of post-quantum cryptographic schemes is based on finding solutions of a polynomial system over finite fields. This family, known as multivariate cryptography, includes both public key encryption and signature schemes.
The majority of the research contribution of this thesis is devoted to understanding the security of multivariate cryptography. We mainly focus on big field schemes, i.e., constructions that utilize the structure of a large extension field. One essential contribution is an increased understanding of how Gröbner basis algorithms can exploit this structure. The increased knowledge furthermore allows us to design new attacks in this setting. In particular, the methods are applied to two encryption schemes suggested in the literature: EFLASH and Dob. We show that the recommended parameters for these schemes will not achieve the proposed 80-bit security. Moreover, it seems unlikely that there can be secure and efficient variants based on these ideas. Another contribution is the study of the effectiveness and limitations of a recently proposed rank attack. Finally, we analyze some of the algebraic properties of MiMC, a block cipher designed to minimize its multiplicative complexity.
On the IND-CCA1 Security of FHE Schemes
Fully homomorphic encryption (FHE) is a powerful tool in cryptography that allows one to perform arbitrary computations on encrypted material without having to decrypt it first. There are numerous FHE schemes, all of which are expanded from somewhat homomorphic encryption (SHE) schemes, and some of which are considered viable in practice. However, while these FHE schemes are semantically (IND-CPA) secure, the question of their IND-CCA1 security is much less studied, and we therefore provide an overview of the IND-CCA1 security of all acknowledged FHE schemes in this paper. To give this overview, we grouped the SHE schemes into broad categories based on their similarities and underlying hardness problems. For each category, we show that the SHE schemes are susceptible to either known adaptive key recovery attacks, a natural extension of known attacks, or our proposed attacks. Finally, we discuss the known techniques to achieve IND-CCA1-secure FHE and SHE schemes. We concluded that none of the proposed schemes were IND-CCA1-secure and that the known general constructions all had their shortcomings.
High precision text extraction from PDF documents
The thesis addresses the problem of extracting information from documents stored in the PDF format, which is difficult because the information is stored visually and without a good structure.
The thesis examines the use and adaptation of theory taken from OCR to try to restore this lost structure.
Search for Planckian Black Holes in the Di-Lepton Channel with the ATLAS Detector at the LHC
In some scenarios proposing extra dimensions, the fundamental Planck
scale is in the order of a TeV, and the apparent weakness of the
gravitational force is a consequence of the large compactified volume
of the extra dimensions. These scenarios render possible the
non-perturbative process of black hole formation at hadron colliders.
It has been argued that black hole signatures based on thermal
multi-particle final states are very unlikely. However, strong gravity
effects at center of mass energies of the order of the Planck mass are
expected to yield an increase in the production cross
section. This thesis reviews the signatures and discovery potential of
Planckian black holes, by which is meant true or virtual black holes
or simply strong gravity effects, decaying to two leptons in the
context of the ADD model in collisions at TeV at
the LHC. Based on data recorded by the ATLAS experiment during 2010
which correspond to a total integrated luminosity of
pb, no statistically significant excess above the Standard
Model expectation is observed. A combined search for high-mass and
boosted di-lepton final states results in upper limits at the 95%
confidence level on the production cross section for three Planckian
black hole models. Assuming six large extra dimensions and a Planck
mass of 2 TeV, the quoted limits are; pb for
conservation of B, L and flavours; pb for
conservation of B and L; pb for conservation of
B-L only
MRHS Solver Based on Linear Algebra and Exhaustive Search
We show how to build a binary matrix from the MRHS representation of a symmetric-key cipher. The matrix contains the cipher represented as an equation system and can be used to assess a cipher's resistance against algebraic attacks. We give an algorithm for solving the system and compute its complexity. The complexity is normally close to exhaustive search on the variables representing the user-selected key. Finally, we show that for some variants of LowMC, the joined MRHS matrix representation can be used to speed up regular encryption in addition to exhaustive key search.