**Variable Elimination - a Tool for Algebraic Cryptanalysis**

*Bjørn Greve and Øyvind Ytrehus and Håvard Raddum*

**Abstract: **Techniques for eliminating variables from a system of nonlinear equations are used to find solutions of the system.
We discuss how these methods can be used to attack certain types of symmetric block ciphers, by solving sets of equations arising from known plain text attacks. The systems of equations corresponding to these block ciphers have the characteristics that the solution is determined by a small subset of the variables (i.e., the secret key), and also that it is known that there always exists at least one solution (again corresponding to the key which is actually used in the encryption). It turns out that some toy ciphers can be solved simpler than anticipated by this method, and that the method can take advantage of overdetermined systems.

**Category / Keywords: **foundations / XL, re-linearization, systems of equations, elimination of variables, block ciphers

**Date: **received 4 Feb 2019

**Contact author: **bjorn greve at uib no, haavardr@simula no

**Available format(s): **PDF | BibTeX Citation

**Version: **20190206:203458 (All versions of this report)

**Short URL: **ia.cr/2019/112

[ Cryptology ePrint archive ]