Middle-Solving F4 to Compute Grobner bases for Cryptanalysis over GF(2)

Algebraic cryptanalysis usually requires to recover the secret key by solving polynomial equations. Faugère’s F4 is a well-known Gröbner bases algorithm to solve this problem. However, a serious drawback exists in the Gröbner bases based algebraic attacks, namely, any information won’t be got if we couldn’t work out the Gröbner bases of the polynomial equations system. In this paper, we in-depth research the F4 algorithm over GF(2). By using S-polynomials to replace critical pairs and computing the normal form of the productions with respect to the field equations in certain steps, many “redundant” reductors are avoided during the computation process of the F4 algorithm. By slightly modifying the logic of F4 algorithm, we solve the univariate polynomials appeared in the algorithm and then back-substitute the values of the solved variables at each iteration of the algorithm. We call our improvements Middle-Solving F4. The heuristic strategy of Middle-Solving overcomes the drawback of algebraic attacks and well suits algebraic attacks. It has never been applied to the Gröbner bases algorithm before. Experiments to some Hidden Field Equation instances and some classical benchmarks (Cyclic 6, Gonnet83) show that Middle-Solving F4 is faster and uses less memory than Faugère’s F4.