An Algebraic Formulation of the Division Property: Revisiting Degree Evaluations, Cube Attacks, and Key-Independent Sums

Since it was proposed in 2015 as a generalization of integral properties, the division property has evolved into a powerful tool for probing the structures of Boolean functions whose algebraic normal forms are not available. We capture the most essential elements for the detection of division properties from a purely algebraic perspective, proposing a technique named monomial prediction, which can be employed to determine the presence or absence of a monomial in any product of the coordinate functions of a vectorial Boolean function f by counting the number of so-called monomial trails across a sequence of simpler functions whose composition is f. Under the framework of monomial prediction, we formally prove that most algorithms for detecting division properties in the literature raise no false alarms but may miss some. We also establish the equivalence between monomial prediction and the three-subset bit-based division property without unknown subset presented at EUROCRYPT 2020, and show that these two techniques are perfectly accurate. The monomial prediction technique can be regarded as a purification of the definitions of the division properties without resorting to external multisets. This algebraic formulation gives more insight into division properties and inspires new search strategies. With monomial prediction, we obtain the exact algebraic degrees of Trivium up to 834 rounds for the first time. In the context of cube attacks, we are able to explore a larger search space in limited time and recover the exact algebraic normal forms of complex superpolies with the help of a divide-and-conquer strategy. As a result, we identify more cubes with smaller dimensions, leading to improvements of some near-optimal attacks against 840-, 841- and 842-round Trivium.
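As an added worked example (not code from the paper or its authors), the following Python implements the monomial prediction idea sketched above over a small constructed chain of two toy vectorial Boolean functions F1 and F2 (assumed here purely for illustration): it counts monomial trails backward from an output monomial, decides presence by the parity of the count, and checks that against the directly composed algebraic normal form, which also shows why an existence-only check can miss a cancellation.

```python
from collections import defaultdict
from functools import reduce
from itertools import product
# ANF = set of monomials, each a bitmask over the input variables (bit i set
# <=> x_i is a factor; mask 0 is the constant 1). A vectorial Boolean
# function is a list of ANFs, one per output coordinate.
def anf_mul(a, b):
    # product over GF(2): equal monomials cancel in pairs
    out = set()
    for m1, m2 in product(a, b):
        out ^= {m1 | m2}
    return out
def coord_product(F, v):
    # ANF (in F's inputs) of y^v = prod_{j in v} F_j: every monomial here
    # can step to y^v in a monomial trail
    acc = {0}
    for j, anf in enumerate(F):
        if v >> j & 1:
            acc = anf_mul(acc, anf)
    return acc
def compose(F, G):
    # direct ANF of G(F(x)); used only as ground truth for the trail count
    return [reduce(set.__xor__, (coord_product(F, m) for m in g), set()) for g in G]
def count_trails(chain, u, v):
    # number of trails x^u -> ... -> y^v through chain = [F1, ..., Fr],
    # counted backward from y^v one layer at a time
    counts = {v: 1}
    for F in reversed(chain):
        prev = defaultdict(int)
        for w, c in counts.items():
            for t in coord_product(F, w):
                prev[t] += c
        counts = prev
    return counts.get(u, 0)
def monomial_present(chain, u, v):
    # monomial prediction: x^u occurs in y^v iff the trail count is odd;
    # a trail merely existing is necessary, not sufficient (even counts cancel)
    return count_trails(chain, u, v) % 2 == 1
# Constructed toy chain x -> y = F1(x) -> z = F2(y) over x = (x0, x1, x2).
F1 = [{0b011, 0b100}, {0b011, 0b010}, {0b001}]  # y0=x0x1+x2, y1=x0x1+x1, y2=x0
F2 = [{0b001, 0b010}, {0b011, 0b100}]           # z0=y0+y1, z1=y0y1+y2
CHAIN = [F1, F2]   # x0x1 has two trails into z0 yet cancels there
def check_against_ground_truth(chain, n_in, n_out):
    # trail-count parity must agree with the composed ANF for every (u, v)
    H = chain[0]
    for F in chain[1:]:
        H = compose(H, F)
    return all(monomial_present(chain, u, v) == (u in coord_product(H, v))
               for u, v in product(range(1 << n_in), range(1 << n_out)))
```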
