Improved Division Property Based Cube Attacks Exploiting Algebraic Properties of Superpoly

The cube attack is an important technique for the cryptanalysis of symmetric-key primitives, especially stream ciphers. Aiming to recover some secret key bits, the adversary reconstructs a superpoly in which the secret key bits are involved, by summing the output over a set of plaintexts/IVs called a cube. Traditional cube attacks only exploit linear or quadratic superpolies. Moreover, for a long time after the attack was proposed, cube sizes were largely confined to an experimental range, typically around 40. These limits were first overcome by the division property based cube attacks proposed by Todo et al. at CRYPTO 2017. Using MILP-modelled division property, for a cube (index set) I they identify the small index subset J of the secret key bits involved in the resultant superpoly. During the precomputation phase, which dominates the complexity of the cube attack, \(2^{|I|+|J|}\) encryptions are required to recover the superpoly. Therefore, their attacks are only feasible when the restriction \(|I|+|J|
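The following Python is an added worked example, not code from the paper or its authors. It models the cube summation and superpoly recovery described above on a constructed toy Boolean function with 4 key bits and 4 IV bits: summing the output over all assignments of the cube IV bits I = {0,1} yields the superpoly p_I(k), and evaluating that cube sum for every assignment of the key bits in J followed by a Möbius transform gives p_I's ANF at a cost of \(2^{|I|+|J|}\) oracle queries. The toy cipher, its sizes and every function name are assumptions; the MILP division-property step that finds J in the paper is replaced by a brute-force check that is only possible because the toy has 4 key bits.

```python
"""Toy cube attack: recover a superpoly by summing a Boolean function over a cube.

Added illustration, not from the paper. The "cipher" is a hand-written ANF
(constructed sample) chosen so that the IV monomial v0*v1 carries a
non-linear key coefficient: summing over cube I = {0,1} returns the
superpoly p_I(k) = k0 + k2*k3, whose involved key-bit index set is J = {0,2,3}.
"""
from itertools import product

N_KEY = 4  # assumed toy sizes
N_IV = 4


def toy_cipher(key, iv):
    """Constructed output bit over GF(2); k = key bits, v = IV bits."""
    k0, k1, k2, k3 = key
    v0, v1, v2, v3 = iv
    return (v0 & v1 & (k0 ^ (k2 & k3))) ^ (v0 & v2 & k1) ^ (v1 & v3) ^ (k0 & k1) ^ v0


def cube_sum(f, key, cube, n_iv=N_IV):
    """Sum f(key, iv) over all 2^|cube| assignments of the cube IV bits.
    Non-cube IV bits are fixed to 0. The result is the superpoly at `key`."""
    acc = 0
    for bits in product((0, 1), repeat=len(cube)):
        iv = [0] * n_iv
        for idx, b in zip(cube, bits):
            iv[idx] = b
        acc ^= f(key, iv)
    return acc


def involved_key_bits(f, cube, n_key=N_KEY):
    """Brute-force J for a toy instance: key bit i is involved if flipping it
    changes the cube sum for some key. Exponential in n_key; the paper finds
    J with MILP-modelled division property instead of this search."""
    J = set()
    for u in range(1 << n_key):
        key = [(u >> i) & 1 for i in range(n_key)]
        base = cube_sum(f, key, cube)
        for i in range(n_key):
            if i in J:
                continue
            flipped = key[:]
            flipped[i] ^= 1
            if cube_sum(f, flipped, cube) != base:
                J.add(i)
    return sorted(J)


def mobius_transform(truth):
    """ANF from a truth table indexed by the integer whose bit i is variable i.
    Returns the set of monomials, each a frozenset of variable positions."""
    n = len(truth).bit_length() - 1
    coeffs = list(truth)
    for i in range(n):
        for u in range(len(coeffs)):
            if u & (1 << i):
                coeffs[u] ^= coeffs[u ^ (1 << i)]
    return {frozenset(j for j in range(n) if u & (1 << j))
            for u in range(len(coeffs)) if coeffs[u]}


def recover_superpoly(f, cube, J, n_key=N_KEY):
    """Recover the ANF of the superpoly of `cube`, given that only key bits in
    J appear in it: 2^|J| cube sums of 2^|I| queries each, i.e. 2^(|I|+|J|).
    Returns (ANF over real key indices, number of oracle queries)."""
    truth = []
    for u in range(1 << len(J)):
        key = [0] * n_key
        for pos, idx in enumerate(J):
            key[idx] = (u >> pos) & 1
        truth.append(cube_sum(f, key, cube))
    anf = {frozenset(J[p] for p in mono) for mono in mobius_transform(truth)}
    return anf, (1 << len(cube)) * (1 << len(J))


def eval_anf(anf, key):
    """Evaluate a recovered superpoly ANF at a concrete key."""
    out = 0
    for mono in anf:
        term = 1
        for i in mono:
            term &= key[i]
        out ^= term
    return out


if __name__ == "__main__":
    cube = [0, 1]
    J = involved_key_bits(toy_cipher, cube)
    anf, queries = recover_superpoly(toy_cipher, cube, J)
    print("J =", J, "superpoly monomials =", [sorted(m) for m in anf], "queries =", queries)
```

In a real attack the recovered equation p_I(k) = (cube sum observed online) is one relation on the key bits in J; the precomputation cost in the block is exactly the \(2^{|I|+|J|}\) term from the abstract, which is why keeping J small, or exploiting algebraic structure of the superpoly beyond its bare index set, matters.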
