Mathematics in Computer Science www.birkhauser.ch/MCS
Birkhäuser
Basel • Boston • Berlin
Editors-in-Chief
Dongming Wang (Managing Editor) Laboratoire d’Informatique de Paris 6 Université Pierre et Marie Curie – CNRS 104, avenue du Président Kennedy F-75016 Paris, France
e-mail: [email protected] and
School of Mathematics and Systems Science Beihang University
37 Xueyuan Road Beijing 100191, China Zhiming Zheng
School of Mathematics and Systems Science Beihang University
37 Xueyuan Road Beijing 100191, China
E- Journal / Open Choice / Online First:
www.birkhauser.ch/MCS
Editorial Board
Yaneer Bar-Yam (Cambridge, MA, USA) Luis M. A. Bettencourt (Los Alamos, NM, USA) Jean-Charles Faugère (Paris, France)
Laureano Gonzalez-Vega (Santander, Spain) Hoon Hong (Raleigh, USA)
Manfred Kerber (Birmingham, UK) Ilias S. Kotsireas (Waterloo, ON, Canada) Stefan Ratschan (Prague, Czech Republic) Peter F. Stadler (Leipzig, Germany)
Bican Xia (Beijing, China) Chee K. Yap (New York, NY, USA) Kazuhiro Yokoyama (Tokyo, Japan) Riccardo Zecchina (Trieste, Italy) Lihong Zhi (Beijing, China)
Volume 3 No. 2 pp. 127–224 2010
ISSN 1661-8270
Mathematics in
Computer Science
Mathematics in Computer Science Vol. 3 / No. 2 / pp. 127–224 / 2010
Editors
Jean-Charles Faugère Ludovic Perret
Symbolic Computation and Cryptography
11786_3_2_oc.indd 1
11786_3_2_oc.indd 1 3/15/2010 7:15:23 PM3/15/2010 7:15:23 PM
Math.Comput.Sci. (2010) 3:127–128
DOI 10.1007/s11786-009-0017-6 Mathematics in Computer Science
Foreword
Jean-Charles Faugère · Ludovic Perret
Published online: 12 January 2010
© Birkhäuser Verlag Basel/Switzerland 2009
This special issue of Mathematics in Computer Science is devoted to Symbolic Computation and Cryptography. It is a follow-up to SCC’08, the First International Conference on Symbolic Computation and Cryptography,1which was held in Beijing, China in April 2008, with 21 papers presented to an audience of more than 100 people. The conference program also featured three invited talks given by Bruno Buchberger, Adi Shamir, and Xiaoyun Wang and one tutorial talk by Claude Carlet. Some of the papers included in this special issue were presented at SCC’08.
All the submissions were reviewed by experts in the relevant areas according to the standards of the journal. We thank the reviewers for their timely help in providing informative feedback to the authors.
This special issue, as well as the SCC conference, has been organized in response to the growing interest of applying and developing techniques and software tools of symbolic computation in cryptography. For example, lattice reduction algorithms have become a standard tool of cryptologists. The rapid development of algebraic cryptanalysis—which reduces the problem of evaluating the security of cryptographic primitives to the difficulty of solving algebraic systems—makes Gröbner bases and other algebraic system solving techniques more and more important in cryptography. As the reader may see in this issue, the intersection between Symbolic Computation and Cryptography is not limited to these mentioned tools.
We emphasize that cryptography demands the development of new efficient algorithms to treat basic problems of symbolic computation (e.g., finding “good” bases of lattice/ideals and decomposing polynomials). At least, highly efficient implementations of existing algorithms are required to handle real-life applications. For instance, an attack against HFE—a well-known cryptographic scheme based on polynomials—led to solving a system of 80 equations in 80 variables overF2with a specific version of the F5algorithm. In contrast, the algebraic cryptanalysis of symmetric ciphers requires solving an algebraic system with more than 1,000 variables. Up to now, this seems to be out of the scope of application of current algorithms. In this issue, two papers present however a new approach for small variants of AES and the stream cipher Trivium. All in all, we think that the practical constraints imposed by cryptography is an inspiring source of algorithmic challenges for symbolic computation.
1http://www.cc4cm.org/scc2008/.
J.-C. Faugère (
B
)·L. PerretLIP6/SALSA Project Team, INRIA-UPMC (Paris 6), 104, avenue du Président Kennedy, 75016 Paris, France e-mail: [email protected]
L. Perret
e-mail: [email protected]
128 J.-C. Faugère, L. Perret
The articles in this issue are related to the following topics.
• Algebraic cryptanalysis: Bulygin and Brickenstein present a new approach for modeling small variants of AES;
Eibachn, Völkel, and Pilz consider the stream ciphers Bivium and Trivium.
• Lattice-based cryptanalysis: this is done by Lee and Hahn.
• Coding theory: Otmani, Tillich, and Dallot present a very efficient attack against variants of McEliece’s system.
• Curves: Duquesne uses symbolic tools to deduce arithmetic formulas and Minzlaff presents a method for com- puting zeta functions of curves.
• Other related topics: the non-optimality and chaotic behaviour of some digital expansion are studied by Heuberger.
Mathematics in Contents Computer Science
Volume 3, No. 2 (2010) Pages 127–224
127 J.-C. Faugère and L. Perret Foreword
129 A. Otmani, J.-P. Tillich, and L. Dallot
Cryptanalysis of Two McEliece Cryptosystems Based on Quasi-Cyclic Codes
141 C. Heuberger
Redundant τ-Adic Expansions II:
Non-Optimality and Chaotic Behaviour 159 T. Eibach, G. Völkel, and E. Pilz
Optimising Gröbner Bases on Bivium 173 S. Duquesne
Traces of the Group Law on the Kummer Surface of a Curve of Genus 2 in Characteristic 2
185 S. Bulygin and M. Brickenstein
Obtaining and Solving Systems of Equations in Key Variables Only for the Small Variants of AES
201 M. S. Lee and S. G. Hahn
Cryptanalysis of the GGH Cryptosystem 209 M. Minzlaff
Computing Zeta Functions of Superelliptic Curves in Larger Characteristic
