Experimentally Verifying a Complex Algebraic Attack on the Grain-128 Cipher Using Dedicated Reconfigurable Hardware

In this work, we describe the first single-key attack on the full version of Grain-128 that can recover arbitrary keys. Our attack is based on a new version of a cube tester, which is a factor of about 2 faster than exhaustive search. To practically verify our results, we implemented the attack on the reconfigurable hardware cluster RIVYERA and tested the main components of the attack for dozens of random keys. Our experiments successfully demonstrated the correctness and expected complexity of the attack by finding a very significant bias in our new cube tester for about 7.5% of the tested keys. This is the first time that the main components of a complex analytical attack against a digital full-size cipher were successfully implemented using special-purpose hardware, truly exploiting the reconfigurable nature of an FPGA-based cryptanalytical device.
