A New Practical Cube Attack via Recovering Numerous Superpolys

Authors

  • Min Zhang Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
  • Yao Sun Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

DOI:

https://doi.org/10.46586/tosc.v2024.i4.38-63

Keywords:

Practical cube attack, Stream ciphers, Trivium, Solving nonlinear polynomial systems

Abstract

Cube attack is one of the most powerful approaches for recovering keys of stream ciphers. Practical cube attacks generate several superpolys first and solve the system constructed by these superpolys afterward. Unlike previous practical attacks, we propose a new cube attack that transfers the difficulty of generating easy-solving superpolys to solving the system built by numerous nonlinear ones. In the offline phase, we recovered lots of nonlinear superpolys by improving the approach proposed by Delaune et al. at SAC 2022 in theory. In the online phase, taking advantage of the sparsity and asymmetry of these numerous superpolys, we present a new testing method to solve the constructed system efficiently. As applications, the latest attack could practically recover the keys for 820- and 832-round Trivium with the time complexity no more extensive than 246 and 250, while the previous highest number of rounds of Trivium that can be attacked practically is 830. We believe the proposed approach can be used to attack more rounds of Trivium and other stream ciphers.

Downloads

Published

2024-12-18

Issue

Section

Articles

How to Cite

Zhang, M., & Sun, Y. (2024). A New Practical Cube Attack via Recovering Numerous Superpolys. IACR Transactions on Symmetric Cryptology, 2024(4), 38-63. https://doi.org/10.46586/tosc.v2024.i4.38-63