Paper 2022/991

Coefficient Grouping: Breaking Chaghri and More

Fukang Liu
Ravi Anand
Libo Wang
Willi Meier
Takanori Isobe
Abstract

We propose an efficient technique called coefficient grouping to evaluate the algebraic degree of the FHE-friendly cipher Chaghri, which has been accepted for ACM CCS 2022. We find that the algebraic degree increases linearly rather than exponentially with the number of rounds. As a consequence, we can construct a 13-round distinguisher with time and data complexity $2^{63}$ and mount a 13.5-round key-recovery attack. In particular, a higher-order differential attack on 8 rounds of Chaghri can be achieved with time and data complexity $2^{38}$, which shows that the full 8 rounds are far from secure. Furthermore, we demonstrate the application of the coefficient grouping technique to the design of secure cryptographic components. As a result, we find a countermeasure for Chaghri that has little overhead compared with the original design. Since more and more symmetric primitives defined over a large finite field are emerging, we believe our new technique will find further applications in future research.
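The following Python block is an added illustration, not code from the paper or from the Chaghri designers. It shows what "evaluating the algebraic degree" means for a cipher defined over a large binary field GF(2^n), and why the naive round-by-round bound is exponential (the baseline that the abstract's linear result improves on). Coefficient grouping itself is not implemented; the block does the brute-force exponent-set tracking that such a technique replaces. The assumed round structure (a power map x^(2^k+1) preceded by a linearized layer L(x) = sum of c_i x^(2^i)) and every parameter in the demo are toy assumptions, not Chaghri's specification. The one fact it relies on is standard: over GF(2^n) the monomial x^e has algebraic degree wt(e), the Hamming weight of e, and a polynomial has degree equal to the largest weight among exponents with nonzero coefficients.

```python
# Added illustration, not code from the paper: brute-force tracking of the
# exponents reachable after each round of a toy cipher over GF(2^n), giving an
# upper bound on the algebraic degree. Coefficient grouping is not implemented.
# The round structure (power map x^(2^k+1) after a linearized layer
# L(x) = sum_{i in shifts} c_i x^(2^i)) and all parameters are assumptions.
#
# Fact used throughout: over GF(2^n), x -> x^(2^i) is GF(2)-linear in the n
# input bits, so the monomial x^e (0 < e < 2^n) has algebraic degree wt(e),
# and a polynomial sum_e c_e x^e has degree max{wt(e) : c_e != 0}.


def reduce_exp(e: int, n: int) -> int:
    """Reduce an exponent modulo 2^n - 1 (since x^(2^n) = x in GF(2^n)).

    e == 0 stays 0 (the constant monomial); a positive multiple of 2^n - 1
    maps to 2^n - 1 itself, because x^(2^n - 1) is the nonzero indicator,
    not the constant 1.
    """
    if e == 0:
        return 0
    r = e % ((1 << n) - 1)
    return r if r else (1 << n) - 1


def algebraic_degree(exponents, n: int) -> int:
    """Degree over GF(2) of a polynomial over GF(2^n), given the exponents
    that carry nonzero coefficients."""
    return max((bin(reduce_exp(e, n)).count("1") for e in exponents), default=0)


def compose_power_maps(power_list, n: int) -> int:
    """Exponent of x -> x^e1 -> x^(e1*e2) -> ..., reduced mod 2^n - 1."""
    e = 1
    for p in power_list:
        e = reduce_exp(e * p, n)
    return e


def apply_linear_layer(exps, shifts, n: int):
    """Exponents reachable after L(x) = sum_{i in shifts} c_i x^(2^i), c_i != 0.

    Frobenius is additive in characteristic 2, so each monomial x^e becomes a
    sum of monomials x^(2^i * e). Coefficient cancellation is ignored, which
    makes the result an upper bound on the true exponent set.
    """
    return {reduce_exp(e << i, n) for e in exps for i in shifts}


def apply_power_map(exps, k: int, n: int):
    """Exponents reachable after the S-box P -> P^(2^k + 1) = P^(2^k) * P."""
    return {reduce_exp((e1 << k) + e2, n) for e1 in exps for e2 in exps}


def degree_bounds(n: int, k: int, shifts, rounds: int):
    """Naive upper bound on the algebraic degree after each round."""
    exps = {1}  # start from the input variable x itself
    bounds = []
    for _ in range(rounds):
        exps = apply_power_map(apply_linear_layer(exps, shifts, n), k, n)
        bounds.append(algebraic_degree(exps, n))
    return bounds


if __name__ == "__main__":
    # Toy parameters (assumed, not Chaghri's): n = 10, S-box x^(2^3 + 1),
    # linear layer with Frobenius shifts {0, 3}. wt(2^k*e1 + e2) <= wt(e1) +
    # wt(e2) and end-around carries never raise the weight, so the naive bound
    # can at most double per round: exponential growth until it saturates at n.
    print("naive degree bound per round:", degree_bounds(10, 3, [0, 3], 4))
```

The naive bound is exactly what a designer would use to argue that the degree reaches n after about log2(n) rounds; the paper's point is that, for Chaghri's actual structure, the reachable exponents are far more constrained than this pairwise product suggests, so the true degree grows only linearly and many more rounds are distinguishable than the designers expected.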

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
A major revision of an IACR publication in EUROCRYPT 2023
Keywords
Chaghri, degree evaluation, coefficient grouping, optimization problem, finite field
Contact author(s)
liufukangs@gmail.com
ravianandsps@gmail.com
wanglibo12b@gmail.com
willimeier48@gmail.com
takanori.isobe@ai.u-hyogo.ac.jp
History
2023-02-21: last of 9 revisions
2022-08-03: received
Short URL
https://ia.cr/2022/991
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/991,
      author = {Fukang Liu and Ravi Anand and Libo Wang and Willi Meier and Takanori Isobe},
      title = {Coefficient Grouping: Breaking Chaghri and More},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/991},
      year = {2022},
      url = {https://eprint.iacr.org/2022/991}
}