[Resource Topic] 2019/259: A Practical Method to Recover Exact Superpoly in Cube Attack

Welcome to the resource topic for 2019/259

Title:
A Practical Method to Recover Exact Superpoly in Cube Attack

Authors: SenPeng Wang, Bin Hu, Jie Guan, Kai Zhang, TaiRong Shi

Abstract:

Cube attack is an important cryptanalytic technique against symmetric cryptosystems, especially for stream ciphers. The key step in cube attack is recovering superpoly. However, when cube size is large, the large time complexity of recovering the exact algebraic normal form (ANF) of superpoly confines cube attack. At CRYPTO 2017, Todo et al. applied conventional bit-based division property (CBDP) into cube attack which could exploit large cube sizes. However, CBDP based cube attacks cannot ensure that the superpoly of a cube is non-constant. Hence the key recovery attack may be just a distinguisher. Moreover, CBDP based cube attacks can only recover partial ANF coefficients of superpoly. The time complexity of recovering the reminding ANF coefficients is very large, because it has to query the encryption oracle and sum over the cube set. To overcome these limits, in this paper, we propose a practical method to recover the ANF coefficients of superpoly. This new method is developed based on bit-based division property using three subsets (BDPT) proposed by Todo at FSE 2016. We apply this new method to reduced-round Trivium. To be specific, the time complexity of recovering the superpoly of 832-round Trivium at CRYPTO 2017 is reduced from 2^{77} to practical, and the time complexity of recovering the superpoly of 839-round Trivium at CRYPTO 2018 is reduced from 2^{79} to practical. Then, we propose a theoretical attack which can recover the superpoly of Trivium up to 842 round. As far as we know, this is the first time that the superpoly can be recovered for Trivium up to 842 rounds.

ePrint: https://eprint.iacr.org/2019/259

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .