Parity (XOR) Reasoning for the Index Calculus Attack

Trimoska, Monika; Ionica, Sorina; Dequen, Gilles

doi:10.1007/978-3-030-58475-7_45

Cited by 2 publications

(9 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We experimented with Gröbner bases and sat approaches. In [35], WDSat is reported to outperform the Gröbner basis methods, as well as all generic SAT solvers for this particular problem. First, we confirm this by experimenting with higher parameters and results are reported in Table 2.…”

Section: Resultsmentioning

confidence: 95%

“…The backtrack procedure is used to undo all changes made to F after the last truth-value assignment. For more details on how these procedures are handled in the WDSat implementation, see [35].…”

Section: Breaking Symmetrymentioning

confidence: 99%

“…First, we model the point decomposition problem as a logical formula, with a reduced number of clauses, when compared to the model used in [14]. We compare different sat solvers and decide that the recently introduced WDSat solver [35] is most adapted to this problem and yields the fastest running times. Secondly, we pro-pose a symmetry breaking technique and we implement it as an extension of this solver.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Progress in Cryptology - AFRICACRYPT 2020

Nitaj

Youssef²

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Logical cryptanalysis, first introduced by Massacci in 2000, is a viable alternative to common algebraic cryptanalysis techniques over boolean fields. With xor operations being at the core of many cryptographic problems, recent research in this area has focused on handling xor clauses efficiently. In this paper, we investigate solving the point decomposition step of the index calculus method for prime-degree extension fields F2n , using sat solving methods. We experimented with different sat solvers and decided on using WDSat, a solver dedicated to this specific problem. We extend this solver by adding a novel symmetry breaking technique and optimizing the time complexity of the point decomposition step by a factor of m! for the (m + 1) th summation polynomial. While asymptotically solving the point decomposition problem with this method has exponential worst time complexity in the dimension l of the vector space defining the factor base, experimental running times show that the presented sat solving technique is significantly faster than current algebraic methods based on Gröbner basis computation. For the values l and n considered in the experiments, the WDSat solver coupled with our symmetry breaking technique is up to 300 times faster than Magma's F4 implementation, and this factor grows with l and n.

show abstract

Section: Resultsmentioning

confidence: 95%

Section: Breaking Symmetrymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Progress in Cryptology - AFRICACRYPT 2020

Nitaj

Youssef²

2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…

…”

mentioning

confidence: 99%

“…Its most prominent feature is the module that performs an enhanced version of Gaussian Elimination. [22] is concentrated on the theoretical aspects of the new tool, but the running time-per-conflict results suggest that this module uses efficient implementation techniques as well. Thus, the first goal of this paper is to give a comprehensive exposition of the implementation details of WDSat.…”

mentioning

confidence: 99%

Logical Cryptanalysis with WDSat

Trimoska

Dequen

Ionica

2021

Theory and Applications of Satisfiability Testing – SAT 2021

Self Cite

View full text Add to dashboard Cite

Over the last decade, there have been significant efforts in developing efficient XOR-enabled SAT solvers for cryptographic applications. In [22] we proposed a solver specialised to cryptographic problems, and more precisely to instances arising from the index calculus attack on the discrete logarithm problem for elliptic curve-based cryptosystems. Its most prominent feature is the module that performs an enhanced version of Gaussian Elimination. [22] is concentrated on the theoretical aspects of the new tool, but the running time-per-conflict results suggest that this module uses efficient implementation techniques as well. Thus, the first goal of this paper is to give a comprehensive exposition of the implementation details of WDSat. In addition, we show that the WDSat approach can be extended to other cryptographic applications, mainly all attacks that involve solving dense Boolean polynomial systems. We give complexity analysis for such systems and we compare different stateof-the-art SAT solvers experimentally, concluding that WDSat gives the best results. As a second contribution, we provide an original and economical implementation of a module for handling OR-clauses of any size, as WDSat currently handles OR-clauses comprised of up to four literals. We finally provide experimental results showing that this new approach does not impair the performance of the solver.⋆ We acknowledge financial support from the European Union under the 2014/2020 European Regional Development Fund (FEDER) and from the Agence Nationale de Recherche under project ANR20-ASTR-0011.

show abstract

Parity (XOR) Reasoning for the Index Calculus Attack

Cited by 2 publications

References 23 publications

Progress in Cryptology - AFRICACRYPT 2020

Progress in Cryptology - AFRICACRYPT 2020

Logical Cryptanalysis with WDSat

Contact Info

Product

Resources

About