On selection of samples in algebraic attacks and a new technique to find hidden low degree equations

The best way of selecting samples in algebraic attacks against block ciphers is not well explored or understood. We introduce a simple strategy for selecting the plaintexts and demonstrate its strength by breaking reduced-round KATAN32, LBlock and SIMON. For each cipher, we present a practical attack on a reduced-round version which outperforms previous attempts at algebraic cryptanalysis, whose complexities were close to exhaustive search. The attack is based on selecting the samples using the cube attack and ElimLin (presented at FSE'12), together with a new technique called Universal Proning. In the case of LBlock, we break 10 out of 32 rounds. In KATAN32, we break 78 out of 254 rounds. Unlike previous attempts, which break a smaller number of rounds, we do not guess any bit of the key; we use only structural properties of the cipher, and thereby break a higher number of rounds with much lower complexity. We show that cube attacks owe their success to the same properties and can therefore be used as a heuristic for selecting the samples in an algebraic attack. The performance of ElimLin is further enhanced by the new Universal Proning technique, which discovers linear equations that ElimLin alone does not find.
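The following is an added illustration, not code from the paper or its authors, of the mechanism the abstract relies on: ElimLin finds linear equations in the GF(2)-span of a polynomial system and substitutes them away, and a cube-style choice of samples (plaintexts differing in one bit) makes such linear equations appear where a single random sample yields none. The 4-bit one-round toy cipher, its key, and the plaintexts are constructed for this example and have nothing to do with KATAN32, LBlock or SIMON; Universal Proning is not modelled, since the abstract does not describe how it works.

```python
"""Toy ElimLin over GF(2) with cube-style sample selection (constructed example)."""

# ANF representation: a polynomial is a frozenset of monomials, a monomial is a
# frozenset of variable names. frozenset() as a monomial is the constant 1;
# frozenset() as a polynomial is 0. Union of monomials implements x*x = x.
ONE = frozenset()
N = 4  # block and key size of the toy cipher, in bits


def poly(*terms):
    """poly('k0*k1', 'k2', '1') -> k0*k1 + k2 + 1 ; poly() -> 0."""
    p = set()
    for t in terms:
        p ^= {ONE if t == '1' else frozenset(t.split('*'))}
    return frozenset(p)


def add(p, q):
    return frozenset(set(p) ^ set(q))


def mul(p, q):
    r = set()
    for a in p:
        for b in q:
            r ^= {a | b}
    return frozenset(r)


def degree(p):
    return max((len(m) for m in p), default=-1)


def substitute(p, var, value):
    """Replace the variable var by the polynomial value inside p."""
    r = set()
    for m in p:
        if var in m:
            for vm in value:
                r ^= {(m - {var}) | vm}
        else:
            r ^= {m}
    return frozenset(r)


def evaluate(p, assignment):
    return sum(all(assignment[v] for v in m) for m in p) % 2


def linear_span(system):
    """Gaussian elimination using the nonlinear monomials as pivots. Rows that
    never serve as a pivot end up free of nonlinear monomials: they are the
    linear (degree <= 1) polynomials in the GF(2)-span of the system."""
    rows = [set(p) for p in system if p]
    nonlinear = sorted({m for r in rows for m in r if len(m) >= 2},
                       key=lambda m: (-len(m), sorted(m)))
    used = set()
    for m in nonlinear:
        pivot = next((i for i, r in enumerate(rows) if i not in used and m in r), None)
        if pivot is None:
            continue
        used.add(pivot)
        for i, r in enumerate(rows):
            if i != pivot and m in r:
                r ^= rows[pivot]
    return [frozenset(r) for i, r in enumerate(rows) if i not in used and r]


def elimlin(system):
    """Repeat: take a linear equation from the span, eliminate one variable
    everywhere, until no linear equation is left. Returns (system, substitutions)."""
    substitutions = []
    while True:
        span = linear_span(system)
        if poly('1') in span:
            raise ValueError('inconsistent system')
        linear = [l for l in span if degree(l) == 1]
        if not linear:
            return system, substitutions
        l = min(linear, key=lambda p: sorted(sorted(m) for m in p))
        var = sorted(v for m in l for v in m)[0]
        rest = add(l, poly(var))              # l = var + rest = 0  =>  var = rest
        substitutions.append((var, rest))
        system = [q for q in (substitute(p, var, rest) for p in system) if q]


def toy_cipher(plain, key=None):
    """One round: key addition, then a chi-like nonlinear layer. With key=None the
    key bits k0..k3 stay symbolic and the output is a list of ANF polynomials."""
    kvars = [poly(f'k{i}') for i in range(N)]
    y = [add(poly('1') if plain[i] else poly(), kvars[i]) for i in range(N)]
    out = [add(y[i], mul(y[(i + 1) % N], y[(i + 2) % N])) for i in range(N)]
    if key is None:
        return out
    return [evaluate(c, {f'k{i}': key[i] for i in range(N)}) for c in out]


def equations(samples):
    """Key-recovery system from (plaintext, ciphertext) pairs: cipher_i(k) + c_i = 0."""
    eqs = []
    for plain, cipher in samples:
        for c_sym, c_bit in zip(toy_cipher(plain), cipher):
            eqs.append(add(c_sym, poly('1') if c_bit else poly()))
    return [e for e in eqs if e]


def cube_sums(plain, bit):
    """Dimension-1 cube on one plaintext bit: summing each output polynomial over
    the two plaintexts gives the cube attack's superpoly, linear in the key here."""
    flipped = list(plain)
    flipped[bit] ^= 1
    return [add(a, b) for a, b in zip(toy_cipher(plain), toy_cipher(flipped))]


def recover_key(samples):
    """Run ElimLin, then back-substitute to read off every key bit it fixed."""
    remaining, subs = elimlin(equations(samples))
    values = {}
    for var, rest in reversed(subs):
        for v, b in values.items():
            rest = substitute(rest, v, poly('1') if b else poly())
        if rest == poly():
            values[var] = 0
        elif rest == poly('1'):
            values[var] = 1
    return values, remaining


if __name__ == '__main__':
    KEY = [1, 0, 1, 1]                      # constructed secret key
    P = [0, 1, 1, 0]                        # constructed plaintext
    P_FLIP = [1, 1, 1, 0]                   # same plaintext with bit 0 flipped
    one = [(P, toy_cipher(P, KEY))]
    cube = one + [(P_FLIP, toy_cipher(P_FLIP, KEY))]
    print('one sample, bits found :', recover_key(one)[0])
    print('cube superpolys        :', cube_sums(P, 0))
    print('cube pair, bits found  :', recover_key(cube)[0])
```

With a single plaintext every equation carries its own quadratic monomial, so nothing linear lies in the span and ElimLin stops immediately. Choosing the second plaintext as the other point of a one-dimensional cube makes each pair of equations sum to a superpoly of degree at most one; ElimLin finds those sums by Gaussian elimination, substitutes them, and the remaining equations collapse to linear ones in turn until all four key bits are fixed.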

[1]  Lars R. Knudsen,et al.  Truncated and Higher Order Differentials , 1994, FSE.

[2]  Yu Sasaki,et al.  Related-Key Boomerang Attacks on KATAN32/48/64 , 2013, ACISP.

[3]  Adi Shamir,et al.  Cube Attacks on Tweakable Black Box Polynomials , 2009, IACR Cryptol. ePrint Arch..

[4]  Bo-Yin Yang,et al.  On Asymptotic Security Estimates in XL and Gröbner Bases-Related Algebraic Cryptanalysis , 2004, ICICS.

[5]  Alexander Rostovtsev,et al.  On Boolean Ideals and Varieties with Application to Algebraic Attacks , 2012, IACR Cryptol. ePrint Arch..

[6]  Martin Hell,et al.  Grain: a stream cipher for constrained environments , 2007, Int. J. Wirel. Mob. Comput..

[7]  Wenling Wu,et al.  LBlock: A Lightweight Block Cipher , 2011, ACNS.

[8]  Pouyan Sepehrdad,et al.  Combined algebraic and truncated differential cryptanalysis on reduced-round SIMON , 2014, SECRYPT.

[9]  Leonie Ruth Simpson,et al.  On the Security of the LILI Family of Stream Ciphers Against Algebraic Attacks , 2007, ACISP.

[10]  Jean-Charles Faugère,et al.  On the complexity of solving quadratic Boolean systems , 2011, J. Complex..

[11]  Josef Pieprzyk,et al.  Cryptanalysis of Block Ciphers with Overdefined Systems of Equations , 2002, ASIACRYPT.

[12]  Pierre-Alain Fouque,et al.  Improving Key Recovery to 784 and 799 rounds of Trivium using Optimized Cube Attacks , 2013, IACR Cryptol. ePrint Arch..

[13]  Nicolas Courtois,et al.  Algebraic Description and Simultaneous Linear Approximations of Addition in Snow 2.0 , 2008, ICICS.

[14]  Khoongming Khoo,et al.  An Analysis of XSL Applied to BES , 2007, FSE.

[15]  Chris Christensen,et al.  Algebraic Cryptanalysis of SMS4: Gröbner Basis Attack and SAT Attack Compared , 2009, ICISC.

[16]  Jintai Ding,et al.  MXL3: An Efficient Algorithm for Computing Gröbner Bases of Zero-Dimensional Ideals , 2009, ICISC.

[17]  Jean-Charles Faugère  A new efficient algorithm for computing Gröbner bases (F4) , 1999 .

[18]  Gregory V. Bard,et al.  Algebraic and Slide Attacks on KeeLoq , 2008, FSE.

[19]  Willi Meier,et al.  Conditional Differential Cryptanalysis of Trivium and KATAN , 2011, Selected Areas in Cryptography.

[20]  Gregory V. Bard,et al.  Algebraic, AIDA/Cube and Side Channel Analysis of KATAN Family of Block Ciphers , 2010, INDOCRYPT.

[21]  Gregory V. Bard,et al.  Algebraic Cryptanalysis of the Data Encryption Standard , 2007, IMACC.

[22]  Martin R. Albrecht,et al.  On the Relation Between the Mutant Strategy and the Normal Selection Strategy in Gröbner Basis Algorithms , 2011, IACR Cryptol. ePrint Arch..

[23]  Willi Meier,et al.  Cube Testers and Key Recovery Attacks on Reduced-Round MD6 and Trivium , 2009, FSE.

[24]  Christophe De Cannière,et al.  Trivium: A Stream Cipher Construction Inspired by Block Cipher Design Principles , 2006, ISC.

[25]  Nicolas Courtois,et al.  Higher Order Correlation Attacks, XL Algorithm and Cryptanalysis of Toyocrypt , 2002, ICISC.

[26]  Gaëtan Leurent,et al.  An Analysis of the XSL Algorithm , 2005, ASIACRYPT.

[27]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[28]  Adi Shamir,et al.  Applying cube attacks to stream ciphers in realistic scenarios , 2012, Cryptography and Communications.

[29]  Khoongming Khoo,et al.  An Analysis of the Compact XSL Attack on BES and Embedded SMS4 , 2009, CANS.

[30]  Serge Vaudenay,et al.  ElimLin Algorithm Revisited , 2012, FSE.

[31]  Martin R. Albrecht,et al.  On the relation between the MXL family of algorithms and Gröbner basis algorithms , 2012, J. Symb. Comput..

[32]  Jean-Charles Faugère  A new efficient algorithm for computing Gröbner bases without reduction to zero (F5) , 2002, ISSAC '02.

[33]  Richard J. Lipton,et al.  On the complexity of SAT , 1999, FOCS.

[34]  Adi Shamir,et al.  Side Channel Cube Attacks on Block Ciphers , 2009, IACR Cryptol. ePrint Arch..

[35]  Mate Soos  CryptoMiniSat 2.5.1 , 2010 .

[36]  Lei Hu,et al.  Improved Algebraic and Differential Fault Attacks on the KATAN Block Cipher , 2013, ISPEC.

[37]  Chen-Mou Cheng,et al.  Solving Quadratic Equations with XL on Parallel Architectures , 2012, CHES.

[38]  Hideki Imai,et al.  Comparison Between XL and Gröbner Basis Algorithms , 2004, ASIACRYPT.

[39]  Nicolas Courtois,et al.  Algebraic Attacks over GF(2k), Application to HFE Challenge 2 and Sflash-v2 , 2004, Public Key Cryptography.

[40]  Till Stegers  Faugère's F5 Algorithm Revisited , 2006, IACR Cryptol. ePrint Arch..

[41]  Timothy J. Hodges,et al.  Degree of regularity of systems arising from a Weil descent , 2012 .

[42]  Adi Shamir,et al.  Breaking Grain-128 with Dynamic Cube Attacks , 2011, IACR Cryptol. ePrint Arch..

[43]  Bruno Salvy,et al.  Asymptotic Behaviour of the Degree of Regularity of Semi-Regular Polynomial Systems , 2005, MEGA.

[44]  Jean-Charles Faugère,et al.  Algebraic Cryptanalysis of Curry and Flurry Using Correlated Messages , 2009, Inscrypt.

[45]  SECRYPT 2014 - Proceedings of the 11th International Conference on Security and Cryptography, Vienna, Austria, 28-30 August, 2014 , 2014, SECRYPT.

[46]  Jintai Ding,et al.  MXL2: Solving Polynomial Equations over GF(2) Using an Improved Mutant Strategy , 2008, PQCrypto.