TY - GEN
T1 - Improved Graph-Based Model for Recovering Superpoly on Trivium
AU - Cheng, Junjie
AU - Qiao, Kexin
N1 - Publisher Copyright:
© 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2023
Y1 - 2023
N2 - Recovering superpoly for a given cube is the key step in cube attacks - an algebraic cryptanalysis method for symmetric ciphers. Since 2015, division property, monomial prediction, and enhanced techniques have been proposed to recover the exact superpoly by converting the problem into Mixed Integer Linear Programming (MILP) model, whose feasible solutions should be enumerated exactly. To penetrate more rounds, cryptanalysts try their best to reduce the scale of deduced MILP model to alleviate the bottleneck of computational cost for solving the model. In this paper, we investigate the graph-based modeling approach proposed in SAC 2021 to further reduce the number of feasible solutions for the model to handle and reduce the model’s scale in cube attacks on Trivium. Specifically, we develop an algorithm to search for pruning patterns and reveal a budget way to add the constraints concerning pruning patterns, thus eliminating a large number of solutions by adding fewer additional constraints. Under our measurement method, the pruning efficiency of added constraints is improved by 7 to 10 times more effective than in previous work. We also embed this modified graph-based model to the nested superpoly recovery framework proposed in ASIACRYPT 2021 and improve graph-based cube attack on Trivium by one round. The improved graph-based model performs better than monomial prediction with nested framework on 842- and 843-round cube attack of Trivium.
AB - Recovering superpoly for a given cube is the key step in cube attacks - an algebraic cryptanalysis method for symmetric ciphers. Since 2015, division property, monomial prediction, and enhanced techniques have been proposed to recover the exact superpoly by converting the problem into Mixed Integer Linear Programming (MILP) model, whose feasible solutions should be enumerated exactly. To penetrate more rounds, cryptanalysts try their best to reduce the scale of deduced MILP model to alleviate the bottleneck of computational cost for solving the model. In this paper, we investigate the graph-based modeling approach proposed in SAC 2021 to further reduce the number of feasible solutions for the model to handle and reduce the model’s scale in cube attacks on Trivium. Specifically, we develop an algorithm to search for pruning patterns and reveal a budget way to add the constraints concerning pruning patterns, thus eliminating a large number of solutions by adding fewer additional constraints. Under our measurement method, the pruning efficiency of added constraints is improved by 7 to 10 times more effective than in previous work. We also embed this modified graph-based model to the nested superpoly recovery framework proposed in ASIACRYPT 2021 and improve graph-based cube attack on Trivium by one round. The improved graph-based model performs better than monomial prediction with nested framework on 842- and 843-round cube attack of Trivium.
KW - Cube Attack
KW - Graph-based model
KW - MILP
KW - Prune
KW - Trivium
UR - http://www.scopus.com/inward/record.url?scp=85161380594&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-30872-7_9
DO - 10.1007/978-3-031-30872-7_9
M3 - Conference contribution
AN - SCOPUS:85161380594
SN - 9783031308710
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 225
EP - 251
BT - Topics in Cryptology – CT-RSA 2023 - Cryptographers’ Track at the RSA Conference 2023, Proceedings
A2 - Rosulek, Mike
PB - Springer Science and Business Media Deutschland GmbH
T2 - Cryptographers’ Track at the RSA Conference, CT-RSA 2023
Y2 - 24 April 2023 through 27 April 2023
ER -