Efficient Characteristic Set Algorithms for Equation Solving in Finite Fields and Applications in Cryptanalysis

Efficient characteristic set methods for computing solutions of polynomial equation systems in a finite field are proposed. The concept of proper triangular sets is introduced and an explicit formula for the number of solutions of a proper and monic (or regular) triangular set is given. An improved zero decomposition algorithm which can be used to reduce the zero set of an equation system in general form to the union of zero sets of monic proper triangular sets is proposed. As a consequence, we can give an explicit formula for the number of solutions of an equation system. Bitsize complexity for the algorithm is given in the case of Boolean polynomials. We also give a multiplication free characteristic set method for Boolean polynomials, where the sizes of the polynomials are effectively controlled. The algorithms are implemented in the case of Boolean polynomials and extensive experiments show that they are quite efficient for solving certain classes of Boolean equations.

💡 Research Summary

This paper presents a suite of improved characteristic‑set algorithms for solving systems of polynomial equations over finite fields, with a particular focus on Boolean (binary) polynomials and their applications in cryptanalysis. The authors begin by revisiting the classical characteristic‑set framework, which transforms a polynomial system into a triangular form that can be solved by successive elimination of variables. While powerful, the traditional approach suffers from two major drawbacks: (1) the lack of a precise mechanism to guarantee that the triangular set truly partitions the solution space, and (2) an uncontrolled growth of polynomial size (both degree and number of terms) during the elimination process, especially when the underlying field is small (e.g., ( \mathbb{F}_2 )).

To address these issues, the paper introduces the notion of a proper triangular set. A triangular set (T = {T_1,\dots,T_n}) is called proper if, for each polynomial (T_i), its leading (principal) part cannot be expressed as a linear combination of the leading parts of the preceding polynomials, and if every polynomial that is not already in (T) can be reduced to zero by the set. This definition ensures that the zero set of (T) is a disjoint component of the original system’s solution space, eliminating overlap between components generated during decomposition.

The authors prove a solution‑count theorem for proper, monic (or regular) triangular sets. If the degree of the leading variable in (T_i) is (d_i) and the base field has size (q), then the number of solutions is
\