Formal Power Series on Algebraic Cryptanalysis
In cryptography, attacks that use a Gröbner basis have broken several cryptosystems. The cost of computing a Gröbner basis dominates the overall computation, so estimating it is important for such cryptanalysis. The complexity is expressed in terms of the solving degree, but this value is hard to determine for the large-scale systems that arise in cryptography. Thus the degree of regularity and the first fall degree are used as proxies for the solving degree, based on a wealth of experiments. If a given system is semi-regular, the complexity is estimated using the degree of regularity derived from a certain power series; otherwise, it is estimated using the first fall degree derived from a construction of a syzygy. The degree of regularity is also defined for a non-semi-regular system and is experimentally larger than the first fall degree, but the relation between them is not clear theoretically. Moreover, in contrast to the degree of regularity, the first fall degree has been investigated specifically for each cryptosystem, and no discussion of it for generic systems has been given. In this paper, we show an upper bound for the first fall degree of a polynomial system over a sufficiently large field. In detail, we prove that this upper bound for a non-semi-regular system is the degree of regularity. Moreover, we prove that the upper bound for a multi-graded polynomial system is a certain value determined only by its multi-degree. Furthermore, we show that the condition on the order of the field in our results is satisfied in attacks against actual multivariate cryptosystems. Consequently, under a reasonable condition on the order of the field, we clarify the relation between the first fall degree and the degree of regularity and provide a theoretical method using a multivariate power series for cryptanalysis.
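To make the power-series estimate for the semi-regular case concrete, here is an added example (not code from the paper). It assumes the series meant is the standard one for an overdetermined semi-regular system of m polynomials of degrees d_1, ..., d_m in n variables over a large field, namely prod(1 - z^{d_i}) / (1 - z)^n, whose first non-positive coefficient gives the degree of regularity; the function names are hypothetical.

```python
def series_coefficients(n, degrees, max_degree):
    """Coefficients of prod(1 - z^d for d in degrees) / (1 - z)^n,
    truncated at z^max_degree (assumed standard semi-regular series)."""
    coeffs = [0] * (max_degree + 1)
    coeffs[0] = 1
    # Multiply by each factor (1 - z^d); iterate downwards so that
    # coeffs[k - d] is still the value from before this factor.
    for d in degrees:
        for k in range(max_degree, d - 1, -1):
            coeffs[k] -= coeffs[k - d]
    # Dividing by (1 - z) is a running prefix sum; do it n times.
    for _ in range(n):
        for k in range(1, max_degree + 1):
            coeffs[k] += coeffs[k - 1]
    return coeffs


def degree_of_regularity(n, degrees):
    """Index of the first non-positive coefficient of the series.

    Only meaningful for overdetermined systems (m > n), where the
    series is a polynomial of degree sum(degrees) - n whose
    coefficients sum to zero, so a non-positive one must exist.
    """
    if len(degrees) <= n:
        raise ValueError("need more equations than variables (m > n)")
    if any(d < 1 for d in degrees):
        raise ValueError("polynomial degrees must be positive")
    max_degree = sum(degrees) - n
    coeffs = series_coefficients(n, degrees, max_degree)
    for k, c in enumerate(coeffs):
        if c <= 0:
            return k
    raise AssertionError("unreachable for m > n")


if __name__ == "__main__":
    # Constructed sample parameters, not taken from any real cryptosystem.
    for n, degs in [(3, [2] * 4), (10, [2] * 20), (2, [2, 3, 3])]:
        print(n, degs, degree_of_regularity(n, degs))
```

For m = n + 1 the result agrees with the closed form floor(sum(d_i - 1) / 2) + 1, which is a quick sanity check on the computation.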