Cryptology ePrint Archive: Report 2009/222
PET SNAKE: A Special Purpose Architecture to Implement an Algebraic Attack in Hardware
Willi Geiselmann and Kenneth Matheis and Rainer Steinwandt
Abstract: In [Solving Multiple Right Hand Sides linear equations. Designs, Codes and Cryptography, 49:147–160, 2008] Raddum and Semaev propose a technique to solve systems of polynomial equations over GF(2) as occurring in algebraic attacks on block ciphers. This approach is known as MRHS, and we present a special purpose architecture to implement MRHS in a dedicated hardware device. Our preliminary performance analysis of this Parallel Elimination Technique Supporting Nice Algebraic Key Elimination shows that the use of ASICs seems to enable significant performance gains over a software implementation of MRHS. The main parts of the proposed architecture are scalable, the limiting factor being mainly the available bandwidth for interchip communication. Our focus is on a design choice that can be implemented within the limits of available fab technology. The proposed design can be expected to offer a running time improvement in the order of several magnitudes over a software implementation.
We do not make any claims about the practical feasibility of an attack against AES-128 with our design, as we do not see the necessary theoretical tools to be available: deriving reliable running time estimates for an algebraic attack with MRHS when being applied to a full-round version of AES-128 is still an open problem.
Category / Keywords: secret-key cryptography / block cipher, algebraic attack, cryptanalytic hardware, MRHS
Publication Info: A short version of this paper appears in Springer Transactions on Computational Science, Special Issue on "Security in Computing". This is the full version.
Date: received 19 May 2009, last revised 31 Aug 2010
Contact author: kmatheis at fau edu
Available format(s): PDF | BibTeX Citation
Version: 20100901:032918 (All versions of this report)
Short URL: ia.cr/2009/222
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]