Welcome to the resource topic for 2021/474
Title:
Algebraic Attacks on Rasta and Dasta Using Low-Degree Equations
Authors: Fukang Liu, Santanu Sarkar, Willi Meier, Takanori Isobe
Abstract:Rasta and Dasta are two fully homomorphic encryption friendly symmetric-key primitives proposed at CRYPTO 2018 and ToSC 2020, respectively. We point out that the designers of Rasta and Dasta neglected an important property of the \chi operation. Combined with the special structure of Rasta and Dasta, this property directly leads to significantly improved algebraic cryptanalysis. Especially, it enables us to theoretically break 2 out of 3 instances of full Agrasta, which is the aggressive version of Rasta with the block size only slightly larger than the security level in bits. We further reveal that Dasta is more vulnerable to our attacks than Rasta for its usage of a linear layer composed of an ever-changing bit permutation and a deterministic linear transform. Based on our cryptanalysis, the security margins of Dasta and Rasta parameterized with (n,\kappa,r)\in\{(327,80,4),(1877,128,4),(3545,256,5)\} are reduced to only 1 round, where n, \kappa and r denote the block size, the claimed security level and the number of rounds, respectively. These parameters are of particular interest as the corresponding ANDdepth is the lowest among those that can be implemented in reasonable time and target the same claimed security level.
ePrint: https://eprint.iacr.org/2021/474
Talk: https://www.youtube.com/watch?v=HdlcZ2NTd_E
Slides: https://iacr.org/submit/files/slides/2021/asiacrypt/asiacrypt2021/55/slides.pdf
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .