Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie Solving Systems of Equations with Incompatible Operations CITS.

Published byOwen Vega Modified over 10 years ago

Similar presentations

Presentation on theme: "Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie Solving Systems of Equations with Incompatible Operations CITS."— Presentation transcript:

1 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie Solving Systems of Equations with Incompatible Operations CITS – Cryptology and Information Security Fakultät für Mathematik Ruhr-Universität Bochum Magnus Daum

2 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations2 Overview Motivation Dobbertins Algorithm Solution Graphs Algorithms for Solution Graphs Conclusions

3 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations3 Systems of Equations Cryptanalysis often uses systems of equations, e.g. –linear equations –quadratic equations (e.g. algebraic attack) But many cryptosystems include different, mathematically incompatible kinds of operations: –integer operations modulo 2 n –bitwise defined functions –bitrotations / -shifts could be also represented by polynomial equations better to have tools for directly solving equations involving such different operations

4 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations4 Motivation/Application Dobbertins attacks on hash functions: –e.g. solve where f is a bitwise defined function –Idea: X k,…,0 solution for least significant k+1 bit ) X k-1,…,0 solution for least significant k bit –Solve from right to left T-functions (Klimov/Shamir): –f T-function, k-th output bit of f depends only on least significant k-1 input bits –solvable from right to left

5 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations5 Dobbertins Algorithm tree of solutions

6 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations6 Dobbertins Algorithm tree of solutions Often possible to stop early Faster than exhaustive search For each solution there exists a leaf in the tree Complexity directly related to the number of solutions Problem: We are mainly interested in equations with many solutions.

7 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations7 Improvement: Exploiting Redundancy Idea: Combine redundant subtrees Problem: Detect redundancy during the construction of the graph Only the carrybit is relevant for the solution for the third bit Labeling the vertices with the carrybits makes it possible to detect redundancies on the fly tree of solutions

8 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations8 Example Tree of solutions from Dobbertins algorithm

9 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations9 Example solution graph 1010100101 1010100101 1010100101 0

10 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations10 solution graph Example Compact representation of the set of solutions Can be simplified even more

11 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations11 Solution Graphs One root and one sink Labelling of the edges describes solutions: Each path from the root to the sink represents a solution (and vice versa) Also possible to consider equations with more than one variable: –E.g. label edges with X i Y i Z i instead of only X i sink root

12 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations12 Size of Solution Graphs possible to minimize size: –delete dead-ends –merge equivalent vertices Size is hardly predictable in general worst-Case: exponential size here: upper bounds –because of labelling with carrybits –T-functions: narrowness gives upper bound on possible labels

13 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations13 T-functions: Narrowness general T-function: w-narrow T-function:

14 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations14 Algorithms for Solution Graphs Solution graphs are closely related to binary decision diagrams (BDDs) Further efficient algorithms from the theory of BDDs deriveable: –computing the number of solutions –choosing random solutions –combining solution graphs (e.g. intersecting two sets of solutions)

15 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations15 Computing the Number of Solutions Counting the number of ways to reach the sink from each of the vertices Complexity: linear in der size of the graph allows choosing solutions uniformly at random 2+3=5 1 4 1+2=3 2 1 1 1+1=2 4+5=9 solutions

16 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations16 Intersection Complexity: roughly quadratic in the sizes

17 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations17 Generalized Solution Graphs Use variables, which are not represented explicitly in the graph (allows representing 9 Y:...-like statements)

18 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations18 Generalized Solution Graphs Use variables, which are not represented explicitly in the graph (allows representing 9 Y:...-like statements) Allow similar, but more sophisticated algorithms right bit shifts and bit rotations can be integrated

19 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations19 Conclusion presented a new data structure, a solution graph closely related to BDDs allows efficient computation and representation of special systems of equations with incompatible operations especially for T-functions with small narrowness

20 Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie 1.12.2004Daum - Solving Systems of Equations with Incompatible Operations20 Thank you! Questions???

Download ppt "Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie Solving Systems of Equations with Incompatible Operations CITS."

Similar presentations

Which Hash Functions will survive?

Which Hash Functions will survive?
Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie Cryptanalysis of Hash Functions of the MD4-Family CITS – Cryptology.

Ruhr- Universität Bochum Fakultät für Mathematik Informationssicherheit und Kryptologie Cryptanalysis of Hash Functions of the MD4-Family CITS – Cryptology.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 1 23 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Lower Bounds for Local Search by Quantum Arguments Scott Aaronson.

Lower Bounds for Local Search by Quantum Arguments Scott Aaronson.
Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.

Hybrid BDD and All-SAT Method for Model Checking Orna Grumberg Joint work with Assaf Schuster and Avi Yadgar Technion – Israel Institute of Technology.
Problems and Their Classes

Problems and Their Classes
18-Dec-14 Pruning. 2 Exponential growth How many leaves are there in a complete binary tree of depth N? This is easy to demonstrate: Count “going left”

18-Dec-14 Pruning. 2 Exponential growth How many leaves are there in a complete binary tree of depth N? This is easy to demonstrate: Count “going left”
Analysis of Algorithms CS 477/677

Analysis of Algorithms CS 477/677
Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.

Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.
GRAPH BALANCING. Scheduling on Unrelated Machines J1 J2 J3 J4 J5 M1 M2 M3.

GRAPH BALANCING. Scheduling on Unrelated Machines J1 J2 J3 J4 J5 M1 M2 M3.
Michael Alves, Patrick Dugan, Robert Daniels, Carlos Vicuna

Michael Alves, Patrick Dugan, Robert Daniels, Carlos Vicuna
Chapter 6: Transform and Conquer

Chapter 6: Transform and Conquer
Algorithms Recurrences. Definition – a recurrence is an equation or inequality that describes a function in terms of its value on smaller inputs Example.

Algorithms Recurrences. Definition – a recurrence is an equation or inequality that describes a function in terms of its value on smaller inputs Example.
Computational Complexity 1. Time Complexity 2. Space Complexity.

Computational Complexity 1. Time Complexity 2. Space Complexity.
Compression & Huffman Codes

Compression & Huffman Codes
DAST, Spring 2006. © L. Joskowicz 1 Data Structures – LECTURE 1 Introduction Motivation: algorithms and abstract data types Easy problems, hard problems.

DAST, Spring © L. Joskowicz 1 Data Structures – LECTURE 1 Introduction Motivation: algorithms and abstract data types Easy problems, hard problems.
Course Review COMP171 Spring 2009. Hashing / Slide 2 Elementary Data Structures * Linked lists n Types: singular, doubly, circular n Operations: insert,

Course Review COMP171 Spring Hashing / Slide 2 Elementary Data Structures * Linked lists n Types: singular, doubly, circular n Operations: insert,
Backtracking Reading Material: Chapter 13, Sections 1, 2, 4, and 5.

Backtracking Reading Material: Chapter 13, Sections 1, 2, 4, and 5.
Hardness Results for Problems

Hardness Results for Problems
1 Section 2.3 Complexity of Algorithms. 2 Computational Complexity Measure of algorithm efficiency in terms of: –Time: how long it takes computer to solve.

1 Section 2.3 Complexity of Algorithms. 2 Computational Complexity Measure of algorithm efficiency in terms of: –Time: how long it takes computer to solve.
DAST, Spring 2004. © L. Joskowicz 1 Data Structures – LECTURE 1 Introduction Motivation: algorithms and abstract data types Easy problems, hard problems.

DAST, Spring © L. Joskowicz 1 Data Structures – LECTURE 1 Introduction Motivation: algorithms and abstract data types Easy problems, hard problems.

Similar presentations

Ads by Google