Vectorial Boolean functions and induced algebraic equations

A general mathematical framework behind algebraic cryptanalytic attacks is developed. The framework relates to finding algebraic equations induced by vectorial Boolean functions and, in particular, equations of low algebraic degree. The equations may involve only a subset of input variables and may or may not be conditioned on the values of output variables. In addition, the equations may have a constrained form interesting for the so-called fast algebraic attacks. A possible divide-and-conquer effect is pointed out and the notion of algebraic immunity order, naturally extending the notion of correlation immunity order, is defined. An application of general results to stream ciphers known as combiners with or without memory, with possibly multiple outputs, is studied in particular detail and the concept of divide-and-conquer algebraic attacks is introduced. Special properties of combiners with finite input memory, such as nonlinear filter generators, are also established. It is also pointed out that Groumlbner basis algorithms may be used for finding low-degree induced algebraic equations