Time-Memory Trade-Off Attacks on Multiplications and T-Functions
T-functions are a new class of primitives which have recently been introduced by Klimov and Shamir. The several concrete proposals by the authors have multiplication and squaring as core nonlinear operations. Firstly, we present time-memory trade-off algorithms to solve the problems related to multiplication and squaring. Secondly, we apply these algorithms to two of the proposals of multi-word T-functions. For the proposal based on multiplication we can recover the 128 unknown bits of the state vector in 2^40 time, whereas for the proposal based on squaring the 128 unknown bits can be recovered in 2^21 time. The required amount of key stream is a few (less than five) 128-bit blocks. Experimental data from implementation suggests that our attacks work well in practice and hence such proposals are not secure enough for stand-alone usage. Finally, we suggest the use of conjugate permutations to possibly improve the security of T-functions while retaining some attractive theoretical properties.
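The abstract refers to the "attractive theoretical properties" of T-functions and to the state-recovery problem that the paper's time-memory trade-off addresses for multi-word proposals. The following is an added illustration, not code from the paper: it uses the single-word mapping x -> x + (x^2 | 5) mod 2^n from Klimov and Shamir's original T-function proposal (the word size, the sample state 0xBEEF and the check routines are this example's own assumptions) to verify the defining triangular property (bit i of the output depends only on bits 0..i of the input), the full-period property, and the consequence defenders should keep in mind: with that structure a single exposed output word lets the state be recovered bit by bit in about 2n evaluations rather than 2^n. The paper's actual trade-off attack on the multi-word multiplication and squaring proposals is not reproduced here.

```python
import random

N_BITS = 16                      # word size used in this example (constructed)


def ks_tfunction(x: int, n_bits: int = N_BITS) -> int:
    """Klimov-Shamir single-word T-function: x -> x + (x^2 | 5) mod 2^n."""
    mask = (1 << n_bits) - 1
    return (x + ((x * x) | 5)) & mask


def is_triangular(f, n_bits: int, trials: int = 5000, seed: int = 1) -> bool:
    """Randomised check of the T-function property: flipping input bit j must
    leave output bits 0..j-1 unchanged (bit i of the output depends only on
    bits 0..i of the input)."""
    rng = random.Random(seed)
    for _ in range(trials):
        x = rng.getrandbits(n_bits)
        j = rng.randrange(n_bits)
        y = x ^ (1 << j)             # flip exactly one input bit
        low = (1 << j) - 1           # output bits strictly below position j
        if (f(x, n_bits) & low) != (f(y, n_bits) & low):
            return False
    return True


def recover_state_bitwise(f, output: int, n_bits: int) -> int:
    """Recover x from one output word f(x), one bit at a time.
    Because bit i of f(x) is fixed once bits 0..i of x are fixed, each bit is
    a binary choice tested against the known output: about 2n evaluations of
    f instead of 2^n. This is why a single-word T-function's state cannot be
    kept secret once a full output word is exposed."""
    x = 0
    for i in range(n_bits):
        mask = (1 << (i + 1)) - 1
        candidate = x | (1 << i)
        if (f(candidate, n_bits) & mask) == (output & mask):
            x = candidate
        # one of the two candidates always matches; keep the invariant explicit
        assert (f(x, n_bits) & mask) == (output & mask)
    return x


def is_single_cycle(f, n_bits: int) -> bool:
    """Exhaustively verify (small n only) that iterating f from 0 visits all
    2^n states before returning to 0, i.e. the full-period property Klimov
    and Shamir proved for this mapping."""
    size = 1 << n_bits
    seen = bytearray(size)
    x = 0
    for _ in range(size):
        if seen[x]:
            return False
        seen[x] = 1
        x = f(x, n_bits)
    return x == 0


if __name__ == "__main__":
    secret = 0xBEEF                  # constructed sample state
    out = ks_tfunction(secret)
    print("triangular          :", is_triangular(ks_tfunction, N_BITS))
    print("recovered state     :", hex(recover_state_bitwise(ks_tfunction, out, N_BITS)))
    print("single cycle (n=10) :", is_single_cycle(ks_tfunction, 10))
```

The bit-by-bit recovery works only because each truncation of an invertible T-function to its low i+1 bits is itself a bijection, so exactly one candidate matches at every step; the multi-word proposals the abstract attacks mix several words so that this direct walk no longer applies, which is where the paper's time-memory trade-off comes in.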