Greg Rose wrote:
Basically, any calculation with inputs and outputs can be represented as an (insanely complicated and probably intractable) set of binary multivariate polynomials. So long as the degree of the polynomials is not too large, the method allows most of the nonlinear terms to be cancelled out, even though the attacker can't possibly handle them. Then you solve a tractable system of linear equations to recover key (or state) bits.
I would like to know how Dinur and Shamir's work differs from Courtois' previous work on Algebraic cryptanalysis of block ciphers. Is it a refinement of Courtois' technique? Greg, do you, or someone else, have some insight on this?
-James
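
The cancellation described in the quoted paragraph, as an added example that is not part of the original thread: summing a black-box output bit over a "cube" of chosen public bits removes every term that lacks a cube variable, leaving a linear equation in the key bits. `toy_cipher`, the cube choices and all helper names are constructed for illustration and do not model any real cipher.

```python
from itertools import product

N_KEY, N_PUB = 3, 4
CUBES = [(0, 1), (1, 2), (2, 3)]  # constructed; each has a linear superpoly here

def toy_cipher(k, v):
    """Constructed toy output bit: a GF(2) polynomial in key bits k and public bits v."""
    return ((v[0] & v[1] & (k[0] ^ k[1])) ^ (v[1] & v[2] & (k[1] ^ 1))
            ^ (v[2] & v[3] & (k[0] ^ k[2])) ^ (v[0] & k[1] & k[2])
            ^ (v[3] & k[0] & k[1]) ^ (k[0] & k[1] & k[2]) ^ v[1])

def cube_sum(oracle, cube):
    """XOR the output over all cube assignments; terms lacking a cube variable cancel."""
    acc = 0
    for bits in product((0, 1), repeat=len(cube)):
        v = [0] * N_PUB  # public bits outside the cube stay at 0
        for i, b in zip(cube, bits):
            v[i] = b
        acc ^= oracle(v)
    return acc

def learn_superpoly(cube):
    """Offline phase (analyst chooses keys): probe the linear superpoly's coefficients."""
    const = cube_sum(lambda v: toy_cipher([0] * N_KEY, v), cube)
    coeffs = []
    for j in range(N_KEY):
        unit = [int(i == j) for i in range(N_KEY)]
        coeffs.append(cube_sum(lambda v: toy_cipher(unit, v), cube) ^ const)
    return coeffs, const

def solve_gf2(rows, rhs):
    """Gauss-Jordan elimination over GF(2); assumes a square, full-rank system."""
    n, m = len(rows[0]), [r[:] + [b] for r, b in zip(rows, rhs)]
    for col in range(n):
        piv = next(r for r in range(col, len(m)) if m[r][col])
        m[col], m[piv] = m[piv], m[col]
        for r in range(len(m)):
            if r != col and m[r][col]:
                m[r] = [a ^ b for a, b in zip(m[r], m[col])]
    return [m[i][n] for i in range(n)]

def recover_key(oracle, cubes):
    """Online phase: key is fixed and unknown; only public bits are chosen."""
    rows, rhs = [], []
    for cube in cubes:
        coeffs, const = learn_superpoly(cube)
        rows.append(coeffs)
        rhs.append(cube_sum(oracle, cube) ^ const)
    return solve_gf2(rows, rhs)
```

The degree-3 key term `k[0] & k[1] & k[2]` never has to be handled: it is constant across each cube, so it is XORed an even number of times and drops out of every equation.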
