Paper 2023/1283

A Univariate Attack against the Limited-Data Instance of Ciminion

Augustin Bariant, Inria Paris
Abstract

With the increasing interest in advanced protocols for Multi-Party Computation, Fully Homomorphic Encryption or Zero-Knowledge proofs, a need for cryptographic algorithms with new constraints has emerged. These algorithms, called Arithmetization-Oriented ciphers, seek to minimize the number of field multiplications in large finite fields $\mathbb{F}_{2^n}$ or $\mathbb{F}_{p}$. Among them, Ciminion is an encryption algorithm proposed by Dobraunig et al. at Eurocrypt 2021. In this paper, we present a new univariate modelization of a variant of Ciminion proposed by the designers. This instance restricts the attacker to at most $2^{s/2}$ data, where $s$ is the security level. Because the designers chose to reduce the number of rounds in that specific attacker model, we are able to attack the cipher for large security levels. We also propose some slight modifications of Ciminion that would overcome this vulnerability.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
Algebraic cryptanalysis, Ciminion, Arithmetization-oriented, Univariate solving
Contact author(s)
augustin bariant @ inria fr
History
2024-07-15: revised
2023-08-25: received
Short URL
https://ia.cr/2023/1283
License
No rights reserved
CC0

BibTeX

@misc{cryptoeprint:2023/1283,
      author = {Augustin Bariant},
      title = {A Univariate Attack against the Limited-Data Instance of Ciminion},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1283},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1283}
}