Attacking Bivium Using SAT Solvers

In this paper we present experimental results of an application of SAT solvers in current cryptography. Trivium is a very promising stream cipher candidate in the final phase of the eSTREAM project. We use the fastest industrial SAT solvers to attack a reduced version of Trivium, called Bivium. Our experimental attack time using the SAT solver is the best attack time that we are aware of; it is faster than the following attacks: exhaustive search, a BDD-based attack, a graph-theoretic approach and an attack based on Gröbner bases. The attack recovers the internal state of the cipher by first setting up an equation system describing the internal state, then transforming it into CNF and finally solving it with the SAT solver. When one implements this attack, several questions have to be answered and several parameters have to be optimised.
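As an added illustration of the equation-system-to-CNF step described above (example code, not from the paper), the following Python assumes Raddum's Bivium-B definition (Trivium with its third register removed, 177-bit state) and unrolls its state-update and keystream equations into clauses: each AND term gets a Tseitin auxiliary variable and each XOR equation becomes its parity clauses. No solver is invoked; the instance is checked against the true state and can be serialized as DIMACS for any off-the-shelf SAT solver.

```python
import itertools

N = 177  # Bivium-B state: Trivium's first two registers (93 + 84 bits), third register dropped

def simulate(state, rounds):
    """Run Bivium-B (assumed spec). Returns the keystream and the full variable assignment
    (initial state = vars 1..177, then 4 auxiliaries per round) in the numbering cnf() uses."""
    s = list(state)
    val = {i + 1: bool(b) for i, b in enumerate(s)}
    ks, nxt = [], N + 1
    for _ in range(rounds):
        t1, t2 = s[65] ^ s[92], s[161] ^ s[176]
        ks.append(t1 ^ t2)
        p, q = s[90] & s[91], s[174] & s[175]          # the two AND (degree-2) terms
        a, b = t1 ^ p ^ s[170], t2 ^ q ^ s[68]         # feedback bits
        for v in (p, q, a, b):
            val[nxt] = bool(v); nxt += 1
        s = [b] + s[:92] + [a] + s[93:176]             # shift both registers
    return ks, val

def xor_clauses(vs, const):
    """Clauses forcing XOR(vs) == const: one clause per parity-violating assignment."""
    return [[-v if bit else v for v, bit in zip(vs, bits)]
            for bits in itertools.product((0, 1), repeat=len(vs)) if sum(bits) % 2 != const]

def cnf(keystream):
    """Unroll len(keystream) rounds into CNF (DIMACS-style int literals); returns (clauses, nvars)."""
    s, nxt, cls = list(range(1, N + 1)), N + 1, []
    for z in keystream:
        cls += xor_clauses([s[65], s[92], s[161], s[176]], z)   # z = s66+s93+s162+s177
        p, q, a, b = nxt, nxt + 1, nxt + 2, nxt + 3
        nxt += 4
        for x, y, r in ((s[90], s[91], p), (s[174], s[175], q)):
            cls += [[-x, -y, r], [x, -r], [y, -r]]                # Tseitin: r <-> x AND y
        cls += xor_clauses([a, s[65], s[92], p, s[170]], 0)       # a = s66+s93+s91*s92+s171
        cls += xor_clauses([b, s[161], s[176], q, s[68]], 0)      # b = s162+s177+s175*s176+s69
        s = [b] + s[:92] + [a] + s[93:176]
    return cls, nxt - 1

def satisfied(clauses, val):
    """True iff every clause has a literal that is true under assignment `val`."""
    return all(any(val[abs(l)] == (l > 0) for l in c) for c in clauses)

def to_dimacs(clauses, nvars):
    """Serialize in the DIMACS CNF format that standard SAT solvers read."""
    return "p cnf %d %d\n" % (nvars, len(clauses)) + "".join(" ".join(map(str, c)) + " 0\n" for c in clauses)
```

Each unrolled round contributes 4 new variables and 46 clauses, so the number of keystream bits used directly sets the instance size the solver has to handle.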
