In many cryptographic algorithms, which are aimed at being efficiently implementable rather than having some formal proof of security (e.g. in many dedicated hash functions or block ciphers), a mixture of very different kinds of operations is used. These operations include GF(2)-linear operations, additions modulo 
, bitwise applied Boolean functions and bit shifts and rotations. As these operations are not very compatible from a mathematical point of view, it is hard to analyse these structures theoretically and you need sophisticated algorithms to solve equations in which some different of these operations are involved.
In his attacks on various hash functions (see for example [Do97]) Dobbertin had to solve large systems of equations of this kind. We analyse the algorithms used by Dobbertin and describe improvements which lead to directed graphs, which represent the sets of solutions of such equations quite efficiently.
These graphs are related very closely to binary decision diagrams (see [We03]). Thus from the theory of decision diagrams many algorithms can be adopted. For example, it is possible to efficiently compute the number of solutions or to combine two such graphs to compute the intersection of two sets of solutions.
T-functions, as proposed by Klimov and Shamir (see [Kl04]), are another topic for which these algorithms could be of some interest, because due to their defining property, equations which only include T-functions should be solvable quite efficiently with such algorithms.