The Cube Attack on Stream Cipher Trivium and Quadraticity Tests

Authors:
Piotr Mroczkowski;Janusz Szmidt
Affiliations:
(Correspd.) Department of Cryptology, Military Communication Institute, ul. Warszawska 22A, 05-130 Zegrze, Poland. p.mroczkowski@wil.waw.pl/ j.szmidt@neostrada.pl;Department of Cryptology, Military Communication Institute, ul. Warszawska 22A, 05-130 Zegrze, Poland. p.mroczkowski@wil.waw.pl/ j.szmidt@neostrada.pl
Venue:
Fundamenta Informaticae - Cryptology in Progress: 10th Central European Conference on Cryptology, Będlewo Poland, 2010
Year:
2012

Citing 5
Cited 0

Self-testing/correcting with applications to numerical problems

Journal of Computer and System Sciences - Special issue: papers from the 22nd ACM symposium on the theory of computing, May 14–16, 1990
Trivium

New Stream Cipher Designs
Cube Attacks on Tweakable Black Box Polynomials

EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Cube Testers and Key Recovery Attacks on Reduced-Round MD6 and Trivium

Fast Software Encryption
Breaking Grain-128 with dynamic cube attacks

FSE'11 Proceedings of the 18th international conference on Fast software encryption

Quantified Score

Hi-index	0.00

Visualization

Abstract

In 2008 I. Dinur and A. Shamir presented a new type of algebraic attack on symmetric ciphers named cube attack. The method has been applied to reduced variants of stream ciphers Trivium and Grain-128, reduced variants of the block ciphers Serpent and CTC and to a reduced version of the keyed hash function MD6. Previously, a very similar attack named AIDA was introduced by M. Vielhaber, in 2007. In this paper we develop quadraticity tests within the cube attack and apply them to a variant of stream cipher Trivium reduced to 709 initialization rounds. Using this method we obtain the full 80-bit secret key. In this way it eliminates the stage of brute force search of some secret key bits which occured in previous cube attacks.