Cube Attacks on Tweakable Black Box Polynomials

10 years 1 months ago
Cube Attacks on Tweakable Black Box Polynomials
Almost any cryptographic scheme can be described by tweakable polynomials over GF(2), which contain both secret variables (e.g., key bits) and public variables (e.g., plaintext bits or IV bits). The cryptanalyst is allowed to tweak the polynomials by choosing arbitrary values for the public variables, and his goal is to solve the resultant system of polynomial equations in terms of their common secret variables. In this paper we develop a new technique (called a cube attack) for solving such tweakable polynomials, which is a major improvement over several previously published attacks of the same type. For example, on the stream cipher Trivium with a reduced number of initialization rounds, the best previous attack (due to Fischer, Khazaei, and Meier) requires a barely practical complexity of 255 to attack 672 initialization rounds, whereas a cube attack can find the complete key of the same variant in 219 bit operations (which take less than a second on a single PC). Trivium with 735 i...
Itai Dinur, Adi Shamir
Added 24 Nov 2009
Updated 24 Nov 2009
Type Conference
Year 2009
Authors Itai Dinur, Adi Shamir
Comments (0)