New cube distinguishers on NFSR-based stream ciphers

In this paper, we revisit the work of Sarkar et al. (Des Codes Cryptogr 82(1–2):351–375, 2017) and Liu (Advances in Cryptology, CRYPTO 2017) and show how both of their ideas can be tuned to find good cubes. We propose a new algorithm for cube generation which improves the existing results on the Zero-Sum distinguisher. We apply the new cube-finding algorithm to three nonlinear feedback shift register (NFSR) based stream ciphers: Trivium, Kreyvium and ACORN. Among the results is a cube of size 39 which gives a Zero-Sum for up to 842 rounds and significant non-randomness up to 850 rounds of Trivium. We also provide some small good cubes for Trivium which outperform the existing ones. We further investigate Kreyvium and ACORN by a similar technique and obtain cubes of size 56 and 92 which give a Zero-Sum distinguisher up to 875 and 738 initialization rounds of Kreyvium and ACORN respectively. To the best of our knowledge, these are the best results among the existing distinguishing attacks on these ciphers. We also provide a table of good cubes of sizes varying from 10 to 40 for these three ciphers.
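As an added illustration (this code is not from the paper or its authors), the following Python implements the Trivium clock from the cipher's specification and runs the Zero-Sum test that the abstract refers to on a reduced-round variant: it XORs the first keystream bit over all assignments of a chosen set of IV bits (the cube) while the key and the remaining IV bits stay fixed. After 68 initialization rounds the first output bit is still affine in the IV, so every cube of size at least two sums to zero for every key; after 69 rounds the product IV79·IV80 reaches the output tap, so the cube {IV79, IV80} sums to 1 for every key while other small cubes still sum to zero. That is the behaviour a cube distinguisher is built on, shown at a round count where it can be checked exhaustively. The function names and the deterministic sample keys are my own choices; the cubes of size 39, 56 and 92 reported in the abstract require 2^39 or more evaluations per key and are far beyond what this example runs.

```python
# Added example: bit-level Trivium and a Zero-Sum (cube-sum) check on a
# reduced number of initialization rounds. Not the paper's own code.
from itertools import product
import random


def trivium_state(key, iv):
    """Load the 288-bit Trivium state. key and iv are lists of 80 bits;
    key[0] is K1 and iv[0] is IV1 in the specification's 1-based notation."""
    assert len(key) == 80 and len(iv) == 80
    s = [0] * 288
    s[0:80] = key                    # s1..s80 <- K1..K80, s81..s93 <- 0
    s[93:173] = iv                   # s94..s173 <- IV1..IV80, s174..s177 <- 0
    s[285] = s[286] = s[287] = 1     # s286, s287, s288 <- 1
    return s


def trivium_round(s):
    """One clock of Trivium; returns (keystream bit, next state)."""
    t1 = s[65] ^ s[92]               # s66 + s93
    t2 = s[161] ^ s[176]             # s162 + s177
    t3 = s[242] ^ s[287]             # s243 + s288
    z = t1 ^ t2 ^ t3
    t1 ^= (s[90] & s[91]) ^ s[170]   # + s91*s92 + s171
    t2 ^= (s[174] & s[175]) ^ s[263] # + s175*s176 + s264
    t3 ^= (s[285] & s[286]) ^ s[68]  # + s286*s287 + s69
    nxt = [t3] + s[0:92] + [t1] + s[93:176] + [t2] + s[177:287]
    return z, nxt


def first_keystream_bit(key, iv, rounds):
    """Keystream bit produced right after `rounds` initialization clocks
    (the full cipher uses 1152; smaller values give reduced-round Trivium)."""
    s = trivium_state(key, iv)
    for _ in range(rounds):
        _, s = trivium_round(s)
    z, _ = trivium_round(s)
    return z


def cube_sum(key, cube, rounds, base_iv=None):
    """XOR of the first keystream bit over all 2^|cube| assignments of the
    cube IV bits (1-based indices); all other IV bits keep their base value."""
    iv = list(base_iv) if base_iv is not None else [0] * 80
    acc = 0
    for bits in product((0, 1), repeat=len(cube)):
        for idx, b in zip(cube, bits):
            iv[idx - 1] = b
        acc ^= first_keystream_bit(key, iv, rounds)
    return acc


def is_zero_sum(cube, rounds, keys):
    """Zero-Sum distinguisher check: the cube sum must vanish for every key."""
    return all(cube_sum(k, cube, rounds) == 0 for k in keys)


def sample_keys(n, seed=1):
    """Constructed test keys from a seeded generator, so the example is
    deterministic and runs offline; not meant as secure key material."""
    rng = random.Random(seed)
    return [[rng.randint(0, 1) for _ in range(80)] for _ in range(n)]


if __name__ == "__main__":
    keys = sample_keys(8)
    # After 68 rounds the output is affine in the IV: every size-2 cube is zero-sum.
    print("68 rounds, cube {79,80} zero-sum:", is_zero_sum([79, 80], 68, keys))  # True
    # After 69 rounds the term IV79*IV80 reaches the output, so this cube sums to 1.
    print("69 rounds, cube {79,80} sums:", [cube_sum(k, [79, 80], 69) for k in keys])
    # Cubes not touching that term are still zero-sum after 69 rounds.
    print("69 rounds, cube {1,2} zero-sum:", is_zero_sum([1, 2], 69, keys))  # True
```

The cube sum equals the superpoly of the cube evaluated at the fixed key and base IV, so a sum that is 0 for every key gives a Zero-Sum distinguisher and a sum that is constant 1 is equally non-random; a genuine search for large cubes replaces the exhaustive loop with the heuristic cube-generation strategies the abstract describes.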

[1] Honggang Hu et al. A new chosen IV statistical distinguishing framework to attack symmetric ciphers, and its application to ACORN-v3 and Grain-128a, 2017, IACR Cryptol. ePrint Arch.

[2] Santanu Sarkar et al. Observing biases in the state: case studies with Trivium and Trivia-SC, 2017, Des. Codes Cryptogr.

[3] Willi Meier et al. Cube Testers and Key Recovery Attacks on Reduced-Round MD6 and Trivium, 2009, FSE.

[4] Paul Stankovski et al. Greedy Distinguishers and Nonrandomness Detectors, 2010, INDOCRYPT.

[5] Yosuke Todo et al. Cube Attacks on Non-Blackbox Polynomials Based on Division Property, 2018, IEEE Transactions on Computers.

[6] Masakatu Morii et al. Conditional Differential Cryptanalysis for Kreyvium, 2017, ACISP.

[7] Adi Shamir et al. Cube Attacks on Tweakable Black Box Polynomials, 2009, IACR Cryptol. ePrint Arch.

[8] Anne Canteaut et al. Stream Ciphers: A Practical Solution for Efficient Homomorphic-Ciphertext Compression, 2016, FSE.

[9] Martin Hell et al. Grain-128a: a new version of Grain-128 with optional authentication, 2011, Int. J. Wirel. Mob. Comput.

[10] Pierre-Alain Fouque et al. Improving Key Recovery to 784 and 799 rounds of Trivium using Optimized Cube Attacks, 2013, IACR Cryptol. ePrint Arch.

[11] Leonie Ruth Simpson et al. Investigating Cube Attacks on the Authenticated Encryption Stream Cipher ACORN, 2016, ATIS.

[12] Dongdai Lin et al. Searching cubes for testing Boolean functions and its application to Trivium, 2015, IEEE International Symposium on Information Theory (ISIT).

[13] Willi Meier et al. A Key-recovery Attack on 855-round Trivium, 2018, IACR Cryptol. ePrint Arch.

[14] Michael Vielhaber. Breaking ONE.FIVIUM by AIDA an Algebraic IV Differential Attack, 2007, IACR Cryptol. ePrint Arch.

[15] Douglas R. Stinson et al. Cryptography: Theory and Practice, 1995.

[16] Willi Meier et al. Conditional Differential Cryptanalysis of Trivium and KATAN, 2011, Selected Areas in Cryptography.

[17] Shahram Khazaei et al. Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers, 2008, AFRICACRYPT.

[18] Bart Preneel et al. Cryptanalysis of the Two-Dimensional Circulation Encryption Algorithm, 2005, EURASIP J. Adv. Signal Process.

[19] Dongdai Lin et al. Correlation Cube Attacks: From Weak-Key Distinguisher to Key Recovery, 2018, IACR Cryptol. ePrint Arch.

[20] Meicheng Liu et al. Degree Evaluation of NFSR-Based Cryptosystems, 2017, CRYPTO.

[21] Yosuke Todo et al. Observations on the Dynamic Cube Attack of 855-Round TRIVIUM from Crypto'18, 2018, IACR Cryptol. ePrint Arch.

[22] Yosuke Todo et al. Improved Division Property Based Cube Attacks Exploiting Algebraic Properties of Superpoly, 2018, IEEE Transactions on Computers.

[23] Tian Tian et al. A New Framework for Finding Nonlinear Superpolies in Cube Attacks against Trivium-Like Ciphers, 2018, IACR Cryptol. ePrint Arch.