### Improved Conditional Cube Attacks on Keccak Keyed Modes with MILP Method

Zheng Li, Wenquan Bi, Xiaoyang Dong, and Xiaoyun Wang

##### Abstract

Conditional cube attack is an efficient key-recovery attack on Keccak keyed modes proposed by Huang et al. at EUROCRYPT 2017. By assigning bit conditions, the diffusion of a conditional cube variable is reduced. Then, using a greedy algorithm (Algorithm 4 in Huang et al.'s paper), Huang et al. find some ordinary cube variables, that do not multiply together in the 1st round and do not multiply with the conditional cube variable in the 2nd round. Then the key-recovery attack is launched. The key part of conditional cube attack is to find enough ordinary cube variables. Note that, the greedy algorithm given by Huang et al. adds ordinary cube variable without considering its bad effect, i.e. the new ordinary cube variable may result in that many other variables could not be selected as ordinary cube variable (they multiply with the new ordinary cube variable in the first round). In this paper, we bring out a new MILP model to solve the above problem. We show how to model the CP-like-kernel and model the way that the ordinary cube variables do not multiply together in the 1st round as well as do not multiply with the conditional cube variable in the 2nd round. Based on these modeling strategies, a series of linear inequalities are given to restrict the way to add an ordinary cube variable. Then, by choosing the objective function of the maximal number of ordinary cube variables, we convert Huang et al.'s greedy algorithm into an MILP problem and the maximal ordinary cube variables are found. Using this new MILP tool, we improve Huang et al.'s key-recovery attacks on reduced-round Keccak-MAC-384 and Keccak-MAC-512 by 1 round, get the first 7-round and 6-round key-recovery attacks, respectively. For Ketje Major, we conclude that when the nonce is no less than 11 lanes, a 7-round key-recovery attack could be achieved. In addition, for Ketje Minor, we use conditional cube variable with 6-6-6 pattern to launch 7-round key-recovery attack.

Available format(s)
Category
Secret-key cryptography
Publication info
Keywords
MILPConditional Cube AttackKeccak Keyed ModeKey Recovery
Contact author(s)
xiaoyangdong @ tsinghua edu cn
History
2017-08-29: revised
See all versions
Short URL
https://ia.cr/2017/804

CC BY

BibTeX

@misc{cryptoeprint:2017/804,
author = {Zheng Li and Wenquan Bi and Xiaoyang Dong and Xiaoyun Wang},
title = {Improved Conditional Cube Attacks on Keccak Keyed Modes with MILP Method},
howpublished = {Cryptology ePrint Archive, Paper 2017/804},
year = {2017},
note = {\url{https://eprint.iacr.org/2017/804}},
url = {https://eprint.iacr.org/2017/804}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.