A Univariate Attack against the Limited-Data Instance of Ciminion

Augustin Bariant

Paper 2023/1283

A Univariate Attack against the Limited-Data Instance of Ciminion

Augustin Bariant

, Inria Paris

Abstract

With the increasing interest for advanced protocols for Multi Party Computation, Fully-Homomorphic Encryption or Zero Knowledge proofs, a need for cryptographic algorithms with new constraints has emerged. These algorithms, called Arithmetization-Oriented ciphers, seek to minimize the number of field multiplications in large finite fields $F_{2^{n}}$ or $F_{p}$ . Among them, Ciminion is an encryption algorithm proposed by Dobraunig et al. in Eurocrypt 2021. In this paper, we show a new univariate modelization on a variant of Ciminion proposed by the designers. This instance restricts the attacker to at most $2^{s / 2}$ data, where is the security level. Because the designers chose to reduce the number of rounds in that specific attacker model, we are able to attack the cipher for large security levels. We also propose some slight modifications of Ciminion that would overcome this vulnerability.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Preprint.
Keywords: Algebraic cryptanalysis Ciminion Arithmetization-oriented Univariate solving
Contact author(s): augustin bariant @ inria fr
History: 2024-07-15: revised; 2023-08-25: received; See all versions
Short URL: https://ia.cr/2023/1283
License: CC0

BibTeX

@misc{cryptoeprint:2023/1283,
      author = {Augustin Bariant},
      title = {A Univariate Attack against the Limited-Data Instance of Ciminion},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1283},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1283}
}