抄録
In algebraic attack on stream ciphers based on LFSRs, the secret key is found by solving an overdefined system of multivariate equations. There are many known algorithms from different point of view to solve the problem, such as linearization, relinearization, XL and Gröbner Basis. The simplest method, linearization, treats each monomial of different degrees as a new variable, and consists of $\\sum_{i=1}^{d}{n \\choose i}$ variables (the degree of the system of equations is denoted by d). Thus it needs at least $\\sum_{i=1}^{d}{n \\choose i}$ equations, i.e. keystream bits to recover the secret key by Gaussian reduction or other. In this paper we firstly propose a concept, called equivalence of LFSRs. On the basis of it, we present a constructive method that can solve an overdefined system of multivariate equations with less keystream bits by extending the primitive polynomial.
