Abstract
The cube attack proposed by Dinur and Shamir is one of the most important key-recovery attacks against Trivium. Recently, division property based cube attacks have been extensively studied and significantly improved. In particular, the MILP modeling technique for the three-subset division property without unknown subset proposed by Hao, et al. at EUROCRYPT 2020 and the nested monomial prediction technique proposed by Hu, et al. at ASIACRYPT 2021 are the best techniques available for recovering exact superpolies in division property based cube attacks. Consequently, at this state of the art, whether a superpoly can be recovered in a division property based cube attack is decided mainly by the scale of the superpoly, that is, by its number of terms. Hence the choice of proper cubes, those whose superpolies have low complexity, is now more critical. Some effective cube construction methods have been proposed for experimental cube attacks, but they are not applicable to division property based cube attacks. In this paper, the authors propose a heuristic cube criterion and a cube sieve algorithm, which can be combined with the three-subset division property to recover a number of superpolies. Applied to 815-round Trivium, the authors recovered 417 superpolies from 441 cubes of sizes between 41 and 48 obtained by their algorithm, a success rate of 94.56%. Among them, 165 superpolies are non-constant with degree less than 14. To demonstrate the significance of the new algorithm, the authors tested the best superpoly recovery technique from EUROCRYPT 2020 on 815-round Trivium using random cubes of similar sizes. The experimental result shows that no superpoly could be completely recovered within the given period of time, because the superpolies of random cubes are too complex.
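As an added illustration, not code from the paper or its authors, the following Python toy models the objects the abstract refers to: a constructed Boolean polynomial in key and IV bits standing in for the cipher output, the cube sum that yields a superpoly, recovery of the superpoly's ANF together with its scale (term count and degree) in an offline phase, and the online use of a linear superpoly. The polynomial `toy_poly`, the function names and the 3-bit key / 4-bit IV sizes are assumptions made for the toy; the relation "cube sum equals superpoly" is the observation of Dinur and Shamir that the abstract builds on.

```python
from itertools import product

# Constructed toy output polynomial over GF(2) (not Trivium): k = 3 secret key bits,
# v = 4 public IV bits.  The monomials were chosen so that different cubes give
# superpolies of different complexity.
N_KEY, N_IV = 3, 4

def toy_poly(k, v):
    return (v[0] * v[1] * (k[0] ^ (k[1] * k[2]) ^ 1)  # cube {v0,v1}: superpoly k0 + k1k2 + 1
            ^ v[0] * v[2] * k[2]                       # cube {v0,v2}: superpoly k2
            ^ v[1] * v[2] * v[3]                       # cube {v1,v2,v3}: constant superpoly 1
            ^ v[3] * k[0] * k[1]                       # cube {v3}: superpoly k0k1
            ^ k[1]) & 1                                # key-only term, cancels in every cube sum

def cube_sum(poly, cube, key, n_iv=N_IV):
    """Sum poly(key, v) over GF(2) for all 2^|cube| assignments of the cube IV bits,
    with the non-cube IV bits fixed to 0.  By the Dinur-Shamir observation the result
    equals the superpoly of the cube evaluated at `key`."""
    total = 0
    for bits in product((0, 1), repeat=len(cube)):
        v = [0] * n_iv
        for idx, b in zip(cube, bits):
            v[idx] = b
        total ^= poly(key, tuple(v))
    return total

def superpoly_anf(poly, cube, n_key=N_KEY):
    """Offline phase: treat the cipher as a black box that may be queried with chosen
    keys, tabulate the superpoly over all keys and Moebius-transform the truth table.
    Returns the superpoly as a set of monomials, each a frozenset of key-bit indices
    (the empty frozenset is the constant 1)."""
    size = 1 << n_key
    # truth table indexed by the integer x whose bit i is key bit k_i
    a = [cube_sum(poly, cube, tuple((x >> i) & 1 for i in range(n_key))) for x in range(size)]
    for i in range(n_key):                  # in-place Moebius (binary) transform
        for x in range(size):
            if x & (1 << i):
                a[x] ^= a[x ^ (1 << i)]
    return {frozenset(i for i in range(n_key) if x & (1 << i)) for x in range(size) if a[x]}

def scale(monomials):
    """(number of terms, algebraic degree): the two quantities the abstract uses to
    judge whether a superpoly is cheap enough to recover."""
    return len(monomials), max((len(m) for m in monomials), default=0)

def recover_linear_bit(poly, cube, secret_key):
    """Online phase for a superpoly that is a single key bit: one cube sum under the
    unknown key (chosen-IV queries only) reveals that bit.  Returns (index, value), or
    None when the superpoly is not of that simple shape."""
    mons = superpoly_anf(poly, cube)
    if len(mons) != 1 or len(next(iter(mons))) != 1:
        return None
    (bit_index,) = next(iter(mons))
    return bit_index, cube_sum(poly, cube, secret_key)

if __name__ == "__main__":
    for cube in ((0, 1), (0, 2), (1, 2, 3), (3,)):
        mons = superpoly_anf(toy_poly, cube)
        print(f"cube {cube}: superpoly {sorted(sorted(m) for m in mons)}, (terms, degree) = {scale(mons)}")
    print("recovered:", recover_linear_bit(toy_poly, (0, 2), secret_key=(1, 0, 1)))
```

The offline tabulation here queries the toy with every one of the 2^3 keys, which is only possible at toy size; division property based techniques such as those cited in the abstract recover the superpoly's ANF symbolically from the cipher description instead, and their cost grows with the number of terms in the superpoly, which is why the abstract treats the scale of the superpoly as the deciding factor.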
References
Cannière C D and Preneel B, Trivium, New Stream Cipher Designs — The eSTREAM Finalists, LNCS 4986, Springer, 2008: 244–266.
Dinur I and Shamir A, Cube attacks on tweakable black box polynomials, Proc. Advances in Cryptology — EUROCRYPT 2009, Germany, 2009, LNCS 5479: 278–299.
Fouque P and Vannet T, Improving key recovery to 784 and 799 rounds of Trivium using optimized cube attacks, Proc. 20th Int. Workshop, FSE 2013, Singapore, 2013, LNCS 8424: 502–517.
Ye C and Tian T, A practical key-recovery attack on 805-round Trivium, Proc. Advances in Cryptology — ASIACRYPT 2021, Singapore, 2021, LNCS 13090: 187–213.
Todo Y, Isobe T, Hao Y, et al., Cube attacks on non-blackbox polynomials based on division property, Proc. Advances in Cryptology — CRYPTO 2017, USA, 2017, LNCS 10403: 250–279.
Todo Y, Isobe T, Hao Y, et al., Cube attacks on non-blackbox polynomials based on division property, IEEE Trans. Computers, 2018, 67(12): 1720–1736.
Hao Y, Isobe T, Jiao L, et al., Improved division property based cube attacks exploiting algebraic properties of superpoly, IEEE Trans. Computers, 2019, 68(10): 1470–1486.
Wang S, Hu B, Guan J, et al., MILP-aided method of searching division property using three subsets and applications, Proc. Advances in Cryptology — ASIACRYPT 2019, Japan, 2019, LNCS 11923: 399–427.
Ye C and Tian T, Revisit division property based cube attacks: Key-recovery or distinguishing attacks? IACR Trans. Symmetric Cryptol., 2019(3): 81–102.
Hao Y, Leander G, Meier W, et al., Modeling for three-subset division property without unknown subset: Improved cube attacks against Trivium and Grain-128AEAD, Proc. Advances in Cryptology — EUROCRYPT 2020, Croatia, 2020, LNCS 12105: 466–495.
Hu K, Sun S, Wang M, et al., An algebraic formulation of the division property: Revisiting degree evaluations, cube attacks, and key-independent sums, Proc. Advances in Cryptology — ASIACRYPT 2020, South Korea, 2020, LNCS 12491: 446–476.
Hu K, Sun S, Todo Y, et al., Massive superpoly recovery with nested monomial predictions, Proc. Advances in Cryptology — ASIACRYPT 2021, Singapore, 2021, LNCS 13090: 392–421.
Sun Y, Automatic search of cubes for attacking stream ciphers, IACR Trans. Symmetric Cryptol., 2021(4): 100–123.
Liu M, Yang J, Wang W, et al., Correlation cube attacks: From weak-key distinguisher to key recovery, Proc. Advances in Cryptology — EUROCRYPT 2018, Israel, 2018, LNCS 10821: 715–744.
Dinur I, Güneysu T, Paar C, et al., An experimentally verified attack on full Grain-128 using dedicated reconfigurable hardware, Proc. Advances in Cryptology — ASIACRYPT 2011, South Korea, 2011, LNCS 7073: 327–343.
Dinur I and Shamir A, Breaking Grain-128 with dynamic cube attacks, Proc. 18th Int. Workshop, FSE 2011, Denmark, 2011, LNCS 6733: 167–187.
Rahimi M, Barmshory M, Mansouri M H, et al., Dynamic cube attack on Grain-v1, IET Inf. Secur., 2016, 10(4): 165–172.
Sarkar S, Maitra S and Baksi A, Observing biases in the state: Case studies with Trivium and TriviA-SC, Des. Codes Cryptogr., 2017, 82(1–2): 351–375.
Stankovski P, Greedy distinguishers and nonrandomness detectors, Proc. Progress in Cryptology — INDOCRYPT 2010, India, 2010, LNCS 6498: 210–226.
Aumasson J, Dinur I, Meier W, et al., Cube testers and key recovery attacks on reduced-round MD6 and Trivium, Proc. 16th Int. Workshop, FSE 2009, Belgium, 2009, LNCS 5665: 1–22.
Kesarwani A, Roy D, Sarkar S, et al., New cube distinguishers on NFSR-based stream ciphers, Des. Codes Cryptogr., 2020, 88(1): 173–199.
Liu M, Degree evaluation of NFSR-based cryptosystems, Proc. Advances in Cryptology — CRYPTO 2017, USA, 2017, LNCS 10403: 227–249.
Liu M, Lin D and Wang W, Searching cubes for testing Boolean functions and its application to Trivium, Proc. IEEE International Symposium on Information Theory, ISIT 2015, China, 2015: 496–500.
Ye C and Tian T, Algebraic method to recover superpolies in cube attacks, IET Inf. Secur., 14(4): 430–441.
Mroczkowski P and Szmidt J, The cube attack on stream cipher Trivium and quadraticity tests, Fundamenta Informaticae, 2012, 114: 309–318.
Ye C and Tian T, A new framework for finding nonlinear superpolies in cube attacks against Trivium-like ciphers, Proc. Information Security and Privacy — 23rd Australasian Conf., ACISP 2018, 2018, LNCS 10946: 172–187.
Todo Y, Structural evaluation by generalized integral property, Proc. Advances in Cryptology — EUROCRYPT 2015, Bulgaria, 2015, LNCS 9056: 287–314.
Todo Y and Morii M, Bit-based division property and application to SIMON family, Proc. 23rd Int. Conference, FSE 2016, Germany, 2016, LNCS 9783: 357–377.
Xiang Z, Zhang W, Bao Z, et al., Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers, Proc. Advances in Cryptology — ASIACRYPT 2016, Vietnam, 2016, LNCS 13090: 648–678.
Ethics declarations
The authors declare no conflict of interest.
Additional information
This research was supported by the National Natural Science Foundation of China under Grant No. 61672533.
Cite this article
Liu, C., Tian, T. & Qi, W. A New Method for Searching Cubes and Its Application to 815-Round Trivium. J Syst Sci Complex 36, 2234–2254 (2023). https://doi.org/10.1007/s11424-023-1497-1