
Formal Power Series on Algebraic Cryptanalysis

Shuhei Nakamura

TL;DR

This paper develops formal-power-series-based upper bounds for the first fall degree of polynomial systems arising in algebraic cryptanalysis, focusing on large fields where the order enables precise equalities between the first fall degree and Koszul-syzygy bounds. It proves that for non-semi-regular systems the first fall degree is bounded above by the degree of regularity, and extends these ideas to multi-graded systems by introducing the bound $D_{\mathbb{Z}_{\ge 0}^s}$ (and its ordered variant ${\bf D}_{\mathbb{Z}_{\ge 0}^s,\prec}$), tying them to multivariate Hilbert series. The work develops a theoretical framework for the multi-graded XL algorithm with kernel search and provides the necessary assumptions to estimate solving degrees in this setting. Applications to Rainbow and GMSS show how these bounds translate into practical attack-cost estimates for key-recovery and MinRank-type KS attacks, highlighting potential reductions in solving degrees and informing parameter choices in post-quantum cryptography. Overall, the results supply a rigorous, scalable method to bound attack complexity via multi-degree Hilbert-series analysis, improving cryptanalytic planning for multivariate schemes.

Abstract

In the complexity estimation for an attack that reduces a cryptosystem to solving a system of polynomial equations, the degree of regularity and an upper bound of the first fall degree are often used in cryptanalysis. While the degree of regularity can be easily computed using a univariate formal power series under the semi-regularity assumption, determining an upper bound of the first fall degree requires investigating the concrete syzygies of an input system. In this paper, we investigate an upper bound of the first fall degree for a polynomial system over a sufficiently large field. In this case, we prove that the first fall degree of a non-semi-regular system is bounded above by the degree of regularity, and that the first fall degree of a multi-graded polynomial system is bounded above by a certain value determined from a multivariate formal power series. Moreover, we provide a theoretical assumption for computing the first fall degree of a polynomial system over a sufficiently large field.
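
The univariate computation the abstract refers to, as an added example (not code from the paper): under the semi-regularity assumption, the standard formula takes the degree of regularity as the index of the first non-positive coefficient of $\prod_{i=1}^{m}(1-t^{d_i})/(1-t)^n$ for $m$ homogeneous equations of degrees $d_i$ in $n$ variables. The function names and the sample parameters are assumptions chosen for illustration.

```python
def hilbert_series_coeffs(n, degrees, max_deg):
    """Coefficients of prod_i (1 - t^d_i) / (1 - t)^n, truncated at t^max_deg."""
    coeffs = [0] * (max_deg + 1)
    coeffs[0] = 1
    # Multiply by (1 - t^d) once per equation of degree d.
    # Iterating k downwards keeps coeffs[k - d] at its pre-update value.
    for d in degrees:
        for k in range(max_deg, d - 1, -1):
            coeffs[k] -= coeffs[k - d]
    # Divide by (1 - t) once per variable: each division is a prefix sum.
    for _ in range(n):
        for k in range(1, max_deg + 1):
            coeffs[k] += coeffs[k - 1]
    return coeffs


def degree_of_regularity(n, degrees, max_deg=None):
    """Index of the first non-positive coefficient, or None if there is none.

    Meaningful only under the semi-regularity assumption. With fewer
    equations than variables every coefficient stays positive, so the
    search is cut off at the Macaulay bound sum(d_i - 1) + 1.
    """
    if max_deg is None:
        max_deg = sum(d - 1 for d in degrees) + 1
    for deg, c in enumerate(hilbert_series_coeffs(n, degrees, max_deg)):
        if c <= 0:
            return deg
    return None


def sweep_quadrics(n, m_values):
    """d_reg for m semi-regular quadrics in n variables, for each m."""
    return {m: degree_of_regularity(n, [2] * m) for m in m_values}


if __name__ == "__main__":
    # Constructed parameters: 10 variables, 10 to 20 quadratic equations.
    for m, d in sweep_quadrics(10, range(10, 21)).items():
        print(f"n=10 m={m:2d} d_reg={d}")
```

The sweep shows how each additional equation lowers the degree at which the series turns non-positive, which is the quantity that drives the size of the Macaulay matrices in an XL-style cost estimate.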

Paper Structure

This paper contains 22 sections, 18 theorems, 78 equations, 1 table.

Key Result

Lemma 4.2

For homogeneous polynomials $h_1,\dots ,h_m\in \mathbb{F}_q[x_1,\dots ,x_n]$ such that $\deg h_i=d_0$, if $q>d_{{\it ff}}(h_1,\dots ,h_m)$, then we have $d_{{\it ff}}(h_1,\dots ,h_m)\geq d_{{\it KSyz}}(h_1,\dots ,h_m)$.

Theorems & Definitions (54)

  • Definition 3.1: Bar04ICPSS
  • Definition 3.2
  • Conjecture 3.3
  • Definition 3.4
  • Remark 3.5
  • Definition 4.1
  • Lemma 4.2
  • proof
  • Lemma 4.3
  • proof
  • ...and 44 more