Rigorous Bounds on Cryptanalytic Time/Memory Tradeoffs

In this paper we formalize a general model of cryptanalytic time/memory tradeoffs for the inversion of a random function $f:\{0,1,\ldots,N-1\} \to \{0,1,\ldots,N-1\}$. The model contains all the known tradeoff techniques as special cases. It is based on a new notion of stateful random graphs. The evolution of a path in the stateful random graph depends on a hidden state such as the color in the Rainbow scheme or the table number in the classical Hellman scheme. We prove an upper bound on the number of images $y=f(x)$ for which $f$ can be inverted, and derive from it a lower bound on the number of hidden states. These bounds hold for an overwhelming majority of the functions $f$, and their proofs are based on a rigorous combinatorial analysis. With some additional natural assumptions on the behavior of the online phase of the scheme, we prove a lower bound on its worst-case time complexity $T=\Omega(\frac{N^2}{M^2 \ln N})$, where $M$ is the memory complexity. Finally, we describe new rainbow-based time/memory/data tradeoffs, and a new method for improving the time complexity of the online phase (by a small factor) by performing a deeper analysis during preprocessing.
