solving, simplification and factorization of boolean equations

Travis H. solinym at gmail.com
Wed Nov 16 23:23:45 EST 2005


Does anyone have any references on how one would go about creating
manipulating the boolean equations that govern symmetric ciphers?

I know that most of the time ciphers describe an algorithm, often
using tables (S-boxes and E-tables) in lieu of providing equations,
and I'm wondering how one goes about generating the equations for each
bit of the output.

One thing I've always been curious about is the minimum amount of work
(in terms of a primitive boolean gate such as NAND) necessary to
compute the output values.  Could there be tables derived from
equations so cleverly arranged that brute forcing is very simple once
you know the original equations, but their exact structure is not
evident from the tables themselves?

Once you have some equations, how would you go about simplifying them?
 I suspect that finding the simplest form is probably NP-hard, but I'm
not certain and don't quite know where to start reading on the
subject.
--
http://www.lightconsulting.com/~travis/  -><-
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list