Paper 2022/1518
An Experimentally Verified Attack on 820-Round Trivium (Full Version)
Abstract
The cube attack is one of the most important cryptanalytic techniques against Trivium. As the method of recovering superpolies becomes more and more effective, another problem of cube attacks, i.e., how to select cubes corresponding to balanced superpolies, is attracting more and more attention. It is well-known that a balanced superpoly could be used in both theoretical and practical analyses. In this paper, we present a novel framework to search for valuable cubes whose superpolies have an independent secret variable each, i.e., a linear variable not appearing in any nonlinear term. To control online complexity, valuable cubes are selected from very few large cubes. New ideas are given on the large cube construction and the subcube sieve. For the verification of this new algorithm, we apply it to Trivium. For 815-round Trivium, using one cube of size 47, we obtain more than 200 balanced superpolies containing 68 different independent secret variables. To make a trade-off between the number of cubes and computation complexity, we choose 35 balanced superpolies and mount a key-recovery attack on 815-round Trivium with a complexity of $2^{47.32}$. For 820-round Trivium, using two cubes of size 52, we obtain more than 100 balanced superpolies, which contain 54 different independent secret variables. With 30 balanced superpolies, we mount a key-recovery attack on 820-round Trivium with a complexity of $2^{53.17}$. Strong experimental evidence shows that the full key-recovery attacks on 815- and 820-round Trivium could be completed within six hours and two weeks on a PC with two RTX3090 GPUs, respectively.
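To make the objects named in the abstract concrete (a cube, its superpoly, the linearity check, and the offline/online split of a cube attack), the following Python walkthrough on round-reduced Trivium is added here; it is not code from the paper or its authors. The state layout and update rule follow the Trivium specification; "rounds" is taken to mean the number of initialization updates performed before the first keystream bit is produced. The cube, the round counts and the key values are constructed toy parameters, and the paper's own contribution (a division-property-based search for large cubes, of size 47 and 52, whose superpolies are balanced and contain an independent secret variable) is not reproduced.

```python
# Added illustration (not the paper's code): the basic cube-attack workflow on
# round-reduced Trivium, written against the Trivium specification.
# Round counts, cube choices and keys below are constructed for this example;
# the paper's cubes (size 47 and 52) are far beyond this toy scale.
import random
from itertools import product


def trivium_init_state(key, iv):
    """Load an 80-bit key and 80-bit IV (lists of bits, index 0 = K1 / IV1)
    into the 288-bit state, using the spec's s1..s288 layout (0-based here)."""
    s = [0] * 288
    s[0:80] = key                   # s1..s80   <- K1..K80
    s[93:173] = iv                  # s94..s173 <- IV1..IV80
    s[285] = s[286] = s[287] = 1    # s286, s287, s288 <- 1
    return s


def trivium_step(s):
    """One state update. Returns (new_state, z), where z is the keystream bit
    the spec computes from the state *before* the update."""
    t1 = s[65] ^ s[92]
    t2 = s[161] ^ s[176]
    t3 = s[242] ^ s[287]
    z = t1 ^ t2 ^ t3
    t1 ^= (s[90] & s[91]) ^ s[170]
    t2 ^= (s[174] & s[175]) ^ s[263]
    t3 ^= (s[285] & s[286]) ^ s[68]
    return [t3] + s[0:92] + [t1] + s[93:176] + [t2] + s[177:287], z


def first_output_bit(key, iv, rounds):
    """First keystream bit of Trivium reduced to `rounds` initialization
    updates (full Trivium performs 1152)."""
    s = trivium_init_state(key, iv)
    for _ in range(rounds):
        s, _ = trivium_step(s)
    return trivium_step(s)[1]


def cube_sum(key, cube, rounds):
    """XOR of the first output bit over all 2^|cube| assignments of the cube IV
    bits (0-based IV indices); all other IV bits are fixed to 0. For a fixed
    cube, this value as a function of the key is the cube's superpoly."""
    acc = 0
    for bits in product((0, 1), repeat=len(cube)):
        iv = [0] * 80
        for idx, b in zip(cube, bits):
            iv[idx] = b
        acc ^= first_output_bit(key, iv, rounds)
    return acc


def superpoly_looks_linear(cube, rounds, trials=16, seed=1):
    """Probabilistic (BLR) linearity test: an affine p satisfies
    p(k1) ^ p(k2) ^ p(k1 ^ k2) == p(0) for every k1, k2."""
    rng = random.Random(seed)  # fixed seed keeps the check reproducible
    p0 = cube_sum([0] * 80, cube, rounds)
    for _ in range(trials):
        k1 = [rng.randint(0, 1) for _ in range(80)]
        k2 = [rng.randint(0, 1) for _ in range(80)]
        k12 = [a ^ b for a, b in zip(k1, k2)]
        lhs = cube_sum(k1, cube, rounds) ^ cube_sum(k2, cube, rounds)
        if lhs ^ cube_sum(k12, cube, rounds) != p0:
            return False
    return True


def recover_linear_superpoly(cube, rounds):
    """Offline phase for a superpoly that passed the linearity test: the
    constant is p(0), and K_i appears iff p(e_i) != p(0).
    Returns (constant, [1-based K indices]). A non-constant affine superpoly
    is automatically balanced, and every variable in it appears only linearly
    (an 'independent' secret variable in the abstract's sense)."""
    const = cube_sum([0] * 80, cube, rounds)
    key_vars = []
    for i in range(80):
        e_i = [0] * 80
        e_i[i] = 1
        if cube_sum(e_i, cube, rounds) != const:
            key_vars.append(i + 1)
    return const, key_vars


def online_equation(secret_key, cube, rounds):
    """Online phase: the attacker sums observed first keystream bits over the
    cube (simulated here with the unknown key) and obtains the superpoly's
    value, i.e. the right-hand side of one affine equation in the key bits."""
    return cube_sum(secret_key, cube, rounds)


if __name__ == "__main__":
    rounds, cube = 10, [58]  # toy parameters constructed for this illustration
    print("linear?", superpoly_looks_linear(cube, rounds))
    print("superpoly (constant, K indices):", recover_linear_superpoly(cube, rounds))
    secret = [random.Random(7).randint(0, 1) for _ in range(80)]
    print("online value:", online_equation(secret, cube, rounds))
```

At 10 rounds the superpoly of the cube {IV59} is the constant 1, so the recovered equation carries no key information; that is the expected behaviour for so few rounds, where the output bit is still affine in the key and IV bits. Raising `rounds` to a few hundred and trying small cubes shows the two things the abstract is about: the BLR test may start to fail (the superpoly is no longer affine), and a cube that passes it yields one affine equation per cube, which is what the key-recovery phase solves. Selecting cubes that give balanced superpolies at 815 or 820 rounds, rather than testing cubes blindly as done here, is the problem the paper addresses.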
Metadata
- Category: Secret-key cryptography
- Publication info: Published elsewhere. Inscrypt 2022
- Keywords: Cube Attacks, Key-Recovery Attacks, Division Property, Trivium
- Contact author(s): che_cheng @ 126 com, tiantian_d @ 126 com
- History: 2022-11-16: revised; 2022-11-03: received
- Short URL: https://ia.cr/2022/1518
- License: CC BY
BibTeX
@misc{cryptoeprint:2022/1518,
  author = {Cheng Che and Tian Tian},
  title = {An Experimentally Verified Attack on 820-Round Trivium (Full Version)},
  howpublished = {Cryptology {ePrint} Archive, Paper 2022/1518},
  year = {2022},
  url = {https://eprint.iacr.org/2022/1518}
}