Solving Structured Polynomial Systems and Applications to Cryptology

Cryptography is a collection of mathematical techniques used to secure the transmission and storage of information. A fundamental problem in cryptography is to evaluate the security of cryptosystems against the most powerful techniques. To this end, several general methods have been proposed: linear cryptanalysis, differential cryptanalysis, . . . Extensively used cryptographic standards – such as aes [1] – are all resistant against linear and differential attacks. In this talk, we will describe another general method – Algebraic Cryptanalysis – which can be used to evaluate the security of such cryptosystems. Algebraic cryptanalysis can be described as a general framework that permits to evaluate the security of a wide range of cryptographic schemes.The basic principle of such cryptanalysis is to model a cryptographic primitive by a set of multivariate polynomial equations. The system of equations is constructed in such a way that solving the system is equivalent to recover a secret information of the cryptographic primitive (for instance, the secret key in the case of an encryption scheme). Consequently, evaluate the security of this cryptosystem is equivalent to estimate the theoretical and practical complexity of solving the corresponding system of equations. Since one of the most efficient tool for solving algebraic system over finite field is Gröbner bases [2], it is necessary to evaluate theoretically (e.g. [3]) and practically (e.g. [8]) the complexity of computing Gröbner bases over Fq . While it is well known that solving system of polynomial equations is NP-hard [4] in many applications, including cryptography, the polynomial systems that we have to consider are not random at all (see for instance [6]). Hence, it is a crucial task to identify several classes of polynomial systems that are easier to solve (or at least such that we are able to predict accurately the complexity [5]). In this