Paper 2009/015

Cube Attacks on Trivium

S S Bedi and N Rajesh Pillai


This paper discusses the Cube attacks proposed by Dinur and Shamir applied to Trivium. Independent verification of the equations given in Dinur and Shamir's paper were carried out. Experimentation showed that the precomputed equations were not general. They are correct when applied to the class of IVs for which they were computed - where IV bits at locations other than those corresponding to the cube are fixed at 0. When these IV bits are fixed at some other values, the relations do not hold. The probable cause for this is given and an extra step to the method for equation generation is suggested to take care of such cases.

Note: Errors in Table 2 due to incorrect interpretation of indices, pointed out by Bo Zhu and Wenye Yu and Tao Wang in their Report 2010/644 were corrected.

Available format(s)
Publication info
Published elsewhere. Not published
Algebraic attacks
Contact author(s)
nrajesh tech @ gmail com
2011-04-04: last of 2 revisions
2009-01-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {S S Bedi and N Rajesh Pillai},
      title = {Cube Attacks on Trivium},
      howpublished = {Cryptology ePrint Archive, Paper 2009/015},
      year = {2009},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.