Paper 2019/259

A Practical Method to Recover Exact Superpoly in Cube Attack

SenPeng Wang, Bin Hu, Jie Guan, Kai Zhang, and TaiRong Shi

Abstract

Cube attack is an important cryptanalytic technique against symmetric cryptosystems, especially stream ciphers. The key step in a cube attack is recovering the superpoly. However, when the cube size is large, the large time complexity of recovering the exact algebraic normal form (ANF) of the superpoly limits cube attacks. At CRYPTO 2017, Todo et al. applied the conventional bit-based division property (CBDP) to cube attacks, which made large cube sizes exploitable. However, CBDP-based cube attacks cannot ensure that the superpoly of a cube is non-constant, so the key recovery attack may be merely a distinguisher. Moreover, CBDP-based cube attacks can only recover part of the ANF coefficients of the superpoly. The time complexity of recovering the remaining ANF coefficients is very large, because it has to query the encryption oracle and sum over the cube set. To overcome these limits, in this paper we propose a practical method to recover the ANF coefficients of the superpoly. This new method is developed on the basis of the bit-based division property using three subsets (BDPT) proposed by Todo at FSE 2016. We apply this new method to reduced-round Trivium. To be specific, the time complexity of recovering the superpoly of 832-round Trivium at CRYPTO 2017 is reduced from $2^{77}$ to practical, and the time complexity of recovering the superpoly of 839-round Trivium at CRYPTO 2018 is reduced from $2^{79}$ to practical. Then, we propose a theoretical attack which can recover the superpoly of Trivium up to 842 rounds. As far as we know, this is the first time that the superpoly can be recovered for Trivium up to 842 rounds.
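The abstract's central objects, the cube sum and the superpoly it yields, are easiest to see on a toy Boolean function. The following added example is not code from the paper: it constructs a small polynomial in public bits x0..x2 and secret bits k0..k2 (a stand-in for a cipher output bit, not Trivium), recovers the superpoly of a cube in two ways, and shows both a non-constant superpoly and a cube whose superpoly is constant (the distinguisher-only case the abstract warns about). The symbolic route reads coefficients off the known ANF; the black-box route does what the abstract describes as expensive, querying the oracle 2^|K| times and summing over the cube each time, then running a Möbius transform. All variable names and the polynomial are constructed for illustration.

```python
from itertools import product

# An ANF is a set of monomials; each monomial is a frozenset of variable names.
# The empty frozenset is the constant monomial 1. Addition over GF(2) is XOR.

# Constructed toy "output bit" f(x0,x1,x2,k0,k1,k2):
#   f = x0*x1*k0 + x0*x1*k1*k2 + x0*x1 + x0*x2*k2 + x1*k0 + k1 + 1
TOY_F = {
    frozenset({"x0", "x1", "k0"}), frozenset({"x0", "x1", "k1", "k2"}),
    frozenset({"x0", "x1"}), frozenset({"x0", "x2", "k2"}),
    frozenset({"x1", "k0"}), frozenset({"k1"}), frozenset(),
}
PUBLIC = ["x0", "x1", "x2"]   # public (IV) bits
KEY = ["k0", "k1", "k2"]      # secret key bits


def evaluate(anf, assignment):
    """Evaluate an ANF at a 0/1 assignment of all its variables."""
    return sum(all(assignment[v] for v in mono) for mono in anf) % 2


def cube_sum(f, cube_vars, public_vars, key_assignment):
    """Sum f over the cube: all 2^|I| values of cube_vars, other public bits fixed to 0.
    This is one superpoly evaluation and costs 2^|I| oracle queries."""
    total = 0
    for bits in product((0, 1), repeat=len(cube_vars)):
        assignment = {v: 0 for v in public_vars}
        assignment.update(zip(cube_vars, bits))
        assignment.update(key_assignment)
        total ^= evaluate(f, assignment)
    return total


def superpoly_symbolic(f, cube_vars, public_vars):
    """Exact superpoly from a known ANF: keep monomials divisible by the cube term t_I
    that involve no other public bit (those are fixed to 0), and divide t_I out."""
    cube = frozenset(cube_vars)
    others = set(public_vars) - cube
    return {mono - cube for mono in f if cube <= mono and not (mono & others)}


def superpoly_by_queries(f, cube_vars, public_vars, key_vars):
    """Black-box recovery: tabulate the superpoly at all 2^|K| keys via cube sums,
    then convert the truth table to an ANF with a Möbius transform.
    Total cost is 2^(|K| + |I|) oracle queries, which is why this is impractical
    for real key sizes and large cubes."""
    truth = {}
    for kbits in product((0, 1), repeat=len(key_vars)):
        ones = frozenset(v for v, b in zip(key_vars, kbits) if b)
        truth[ones] = cube_sum(f, cube_vars, public_vars, dict(zip(key_vars, kbits)))
    anf = set()
    for mono in truth:  # coefficient of monomial S = XOR of p(T) over all T subset of S
        ordered = sorted(mono)
        coeff = 0
        for sub_bits in product((0, 1), repeat=len(ordered)):
            coeff ^= truth[frozenset(v for v, b in zip(ordered, sub_bits) if b)]
        if coeff:
            anf.add(mono)
    return anf


if __name__ == "__main__":
    for cube in (["x0", "x1"], ["x2"]):
        sym = superpoly_symbolic(TOY_F, cube, PUBLIC)
        box = superpoly_by_queries(TOY_F, cube, PUBLIC, KEY)
        print(cube, "superpoly:", sorted(map(sorted, sym)),
              "| non-constant:" if sym - {frozenset()} else "| constant (distinguisher only):",
              box == sym)
```

For the cube {x0, x1} both routes return k0 + k1*k2 + 1, a superpoly that depends on the key and therefore supports key recovery; for the cube {x2} the superpoly is identically 0, so summing over that cube only distinguishes the function from random and reveals nothing about the key. The paper's contribution is obtaining the exact ANF without the 2^(|K|+|I|) oracle-query route taken by `superpoly_by_queries`.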

Metadata

Available format(s): PDF
Category: Secret-key cryptography
Publication info: Preprint. MINOR revision.
Keywords: Trivium, MILP, Cube attack, Division property, Stream cipher
Contact author(s): wsp2110 @ 126 com
History: 2019-03-06: received
Short URL: https://ia.cr/2019/259
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2019/259,
      author = {SenPeng Wang and Bin Hu and Jie Guan and Kai Zhang and TaiRong Shi},
      title = {A Practical Method to Recover Exact Superpoly in Cube Attack},
      howpublished = {Cryptology ePrint Archive, Paper 2019/259},
      year = {2019},
      note = {\url{https://eprint.iacr.org/2019/259}},
      url = {https://eprint.iacr.org/2019/259}
}