6 research outputs found

    Multigraded Hilbert Series of noncommutative modules

    In this paper, we propose methods for computing the Hilbert series of multigraded right modules over the free associative algebra. In particular, we compute such series for noncommutative multigraded algebras. Using results from the theory of regular languages, we provide conditions under which the methods are effective and hence the sum of the Hilbert series is a rational function. Moreover, a characterization of finite-dimensional algebras is obtained in terms of the nilpotency of a key matrix involved in the computations. Using this result, efficient variants of the methods are also developed for the computation of Hilbert series of truncated infinite-dimensional algebras whose (non-truncated) Hilbert series may not be rational functions. We consider some applications of the computation of multigraded Hilbert series to algebras that are invariant under the action of the general linear group. In fact, in this case such series are symmetric functions which can be decomposed in terms of Schur functions. Finally, we present an efficient and complete implementation of (standard) graded and multigraded Hilbert series that has been developed in the kernel of the computer algebra system Singular. A large set of tests provides comprehensive experimental validation of the proposed algorithms and their implementations.
    Comment: 28 pages, to appear in Journal of Algebr

    Stream/block ciphers, difference equations and algebraic attacks

    In this paper we introduce a general class of stream and block ciphers that are defined by means of systems of (ordinary) explicit difference equations over a finite field. We call this class "difference ciphers". Many important ciphers, such as systems of LFSRs, Trivium/Bivium and Keeloq, are difference ciphers. For the purpose of studying their underlying explicit difference systems, we introduce key notions such as state transition endomorphisms and give conditions for their invertibility. Reducible and periodic systems are also considered. We then propose general algebraic attacks on difference ciphers, which are tested experimentally on Bivium and Keeloq.
    Comment: 22 page

    Noncommutative algebras, context-free grammars and algebraic Hilbert series

    In this paper we introduce a class of noncommutative (finitely generated) monomial algebras whose Hilbert series are algebraic functions. We use the concept of graded homology and the theory of unambiguous context-free grammars for this purpose. We also provide examples of finitely presented graded algebras whose corresponding leading monomial algebras belong to the proposed class and hence possess algebraic Hilbert series.
    Comment: 26 pages, to appear in Journal of Symbolic Computatio

    A multistep strategy for polynomial system solving over finite fields and a new algebraic attack on the stream cipher Trivium

    In this paper we introduce a multistep generalization of the guess-and-determine (or hybrid) strategy for solving a system of multivariate polynomial equations over a finite field. In particular, we propose performing the exhaustive evaluation of a subset of variables stepwise, that is, by incrementing the size of that subset each time an evaluation leads to a polynomial system which is possibly infeasible to solve. The decision about which evaluation to extend is based on a preprocessing step consisting of computing an incomplete Gröbner basis after the current evaluation, which possibly generates linear polynomials that are used to eliminate further variables. If the number of remaining variables in the system is deemed still too high, the evaluation is extended and the preprocessing is iterated. Otherwise, we solve the system by a Gröbner basis computation. With cryptanalytic applications in mind, we present an implementation of this strategy in an algorithm called MultiSolve, which is designed for polynomial systems having at most one solution. We prove explicit formulas for its complexity which are based on probability distributions that can be easily estimated by performing the proposed preprocessing on a test set of evaluations for different subsets of variables. We prove that the optimal complexity of MultiSolve is achieved by using a full multistep strategy with the maximum number of steps and that, in turn, the classical guess-and-determine strategy, which is essentially a strategy consisting of a single step, is the worst choice. Finally, we extensively study the behaviour of MultiSolve when performing an algebraic attack on the well-known stream cipher Trivium

    An algebraic attack to the Bluetooth stream cipher E0

    In this paper we study the security of the Bluetooth stream cipher E0 from the viewpoint that it is a "difference stream cipher", that is, it is defined by a system of explicit difference equations over the finite field GF(2). This approach highlights some issues of the Bluetooth encryption, such as the invertibility of its state transition map, a special set of 14 bits of its 132-bit state which, when guessed, implies linear equations among the other bits, and finally a small number of spurious keys, with 83 guessed bits, which are compatible with a keystream of about 60 bits. Exploiting these issues, we implement an algebraic attack using Gröbner bases, SAT solvers and Binary Decision Diagrams. Testing activities suggest that the version based on Gröbner bases is the best one, and it is able to attack E0 in about 2^79 seconds on an Intel i9 CPU. To the best of our knowledge, this work improves on any previous attack based on a short keystream, hence fitting with Bluetooth specifications