
PET SNAKE: A Special Purpose Architecture to Implement an Algebraic Attack in Hardware

Chapter in: Transactions on Computational Science X

Part of the book series: Lecture Notes in Computer Science ((TCOMPUTATSCIE,volume 6340))

Abstract

In [23] Raddum and Semaev propose a technique to solve systems of polynomial equations over \({\mathbb F}_{2}\) as they occur in algebraic attacks on block ciphers. This approach is known as MRHS (Multiple Right Hand Sides), and we present a special purpose architecture to implement MRHS in a dedicated hardware device. Our preliminary performance analysis of this Parallel Elimination Technique Supporting Nice Algebraic Key Elimination (PET SNAKE) indicates that the use of ASICs enables significant performance gains over a software implementation of MRHS. The main parts of the proposed architecture are scalable, the limiting factor being mainly the bandwidth available for inter-chip communication. Our focus is on a design that can be implemented within the limits of available fab technology. The proposed design can be expected to offer a running time improvement of several orders of magnitude over a software implementation.

We do not make any claims about the practical feasibility of an attack against AES-128 with our design, as we do not see the necessary theoretical tools to be available: deriving reliable running time estimates for an algebraic attack with MRHS when being applied to a full-round version of AES-128 is still an open problem.


References

  1. Arlazarov, V.L., Dinic, E.A., Kronrod, M.A., Faradzev, I.A.: On economic construction of the transitive closure of a directed graph. Sov. Math. Dokl. 11, 1209–1210 (1975); Original in Russian in Dokl. Akad. Nauk. SSSR 194, 477–488 (1970)


  2. Bernstein, D.J.: Circuits for Integer Factorization: a Proposal (2001), At the time of writing available electronically at, http://cr.yp.to/papers/nfscircuit.pdf

  3. Bogdanov, A., Eisenbarth, T., Rupp, A.: A Hardware-Assisted Realtime Attack on A5/2 Without Precomputations. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 394–412. Springer, Heidelberg (2007)


  4. Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: An Ultra-Lightweight Block Cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)


  5. Bogdanov, A., Mertens, M.C., Paar, C., Pelzl, J., Rupp, A.: A Parallel Hardware Architecture for fast Gaussian Elimination over GF(2). In: IEEE Symp. on Field-Programmable Custom Computing Machines — FCCM 2006, Napa, CA, USA (2006)


  6. Bogdanov, A., Mertens, M.C., Paar, C., Pelzl, J., Rupp, A.: SMITH - A Parallel Hardware Architecture for fast Gaussian Elimination over GF(2). In: 2nd Workshop on Special-purpose Hardware for Attacking Cryptographic Systems – SHARCS 2006 (2006), http://www.crypto.ruhr-uni-bochum.de/imperia/md/content/texte/publications/conferences/sharcs2006_matrix.pdf

  7. Bosma, W., Cannon, J.J., Playoust, C.: The Magma Algebra System I: The User Language. Journal of Symbolic Computation 24, 235–265 (1997)


  8. Buchmann, J., Pyshkin, A., Weinmann, R.-P.: A Zero-Dimensional Gröbner Basis for AES-128. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 78–88. Springer, Heidelberg (2006)


  9. Intel Corporation. Intel® Xeon® Processor X7460 (16M Cache, 2.66 GHz, 1066 MHz FSB), http://ark.intel.com/Product.aspx?id=36947

  10. Courtois, N.T., Bard, G.V., Wagner, D.: Algebraic and Slide Attacks on KeeLoq. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 97–115. Springer, Heidelberg (2008)


  11. Electronic Frontier Foundation. Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design. O'Reilly & Associates, Sebastopol (July 1998)

  12. Franke, J., Kleinjung, T., Paar, C., Pelzl, J., Priplata, C., Stahlke, C.: SHARK: A Realizable Special Hardware Sieving Device for Factoring 1024-Bit Integers. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 119–130. Springer, Heidelberg (2005)


  13. Geiselmann, W., Matheis, K., Steinwandt, R.: PET SNAKE: A Special Purpose Architecture to Implement an Algebraic Attack in Hardware. Cryptology ePrint Archive: Report 2009/222 (2010), http://eprint.iacr.org/2009/222

  14. Geiselmann, W., Shamir, A., Steinwandt, R., Tromer, E.: Scalable Hardware for Sparse Systems of Linear Equations, with Applications to Integer Factorization. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 131–146. Springer, Heidelberg (2005)


  15. Geiselmann, W., Steinwandt, R.: Yet Another Sieving Device. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 278–291. Springer, Heidelberg (2004)


  16. Geiselmann, W., Steinwandt, R.: Non-wafer-Scale Sieving Hardware for the NFS: Another Attempt to Cope with 1024-bit. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 466–481. Springer, Heidelberg (2007)


  17. Güneysu, T., Kasper, T., Novotný, M., Paar, C., Rupp, A.: Cryptanalysis with COPACOBANA. IEEE Transactions on Computers 75(11), 1498–1513 (2008)


  18. Lenstra, A.K., Shamir, A.: Analysis and Optimization of the TWINKLE Factoring Device. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 35–52. Springer, Heidelberg (2000)


  19. Lenstra, A.K., Shamir, A., Tomlinson, J., Tromer, E.: Analysis of Bernstein’s Factorization Circuit. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 1–26. Springer, Heidelberg (2002)


  20. National Institute of Standards and Technology. Federal Information Processing Standards Publication 197. Specification for the ADVANCED ENCRYPTION STANDARD (AES) (November 2001)


  21. Raddum, H.: MRHS Equation Systems. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 232–245. Springer, Heidelberg (2007)


  22. Raddum, H., Semaev, I.: Solving MRHS linear equations. Cryptology ePrint Archive, Report 2007/285 (2007), http://eprint.iacr.org/2007/285

  23. Raddum, H., Semaev, I.: Solving Multiple Right Hand Sides linear equations. Designs, Codes and Cryptography 49, 147–160 (2008); Preprint available in [22]


  24. Schoonen, A.C.C.: Multiple right-hand side equation. Master’s thesis, Eindhoven University of Technology, Department of Mathematics and Computer Science (May 2008), http://alexandria.tue.nl/extra1/afstversl/wsk-i/schoonen2008.pdf

  25. Semaev, I.: Sparse Boolean equations and circuit lattices. Presentation at Int. Workshop on Coding and Cryptography WCC 2009, Ullensvang (Norway) (May 2009)


  26. Semaev, I.: Sparse Boolean equations and circuit lattices. Cryptology ePrint Archive, Report 2009/252 (2009), http://eprint.iacr.org/2009/252

  27. Shamir, A.: Factoring Large Numbers with the TWINKLE Device. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 2–12. Springer, Heidelberg (1999)


  28. Shamir, A., Tromer, E.: Factoring Large Numbers with the TWIRL Device. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 1–26. Springer, Heidelberg (2003)


© 2010 Springer-Verlag Berlin Heidelberg

Cite this chapter

Geiselmann, W., Matheis, K., Steinwandt, R. (2010). PET SNAKE: A Special Purpose Architecture to Implement an Algebraic Attack in Hardware. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science X. Lecture Notes in Computer Science, vol 6340. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17499-5_12


  • DOI: https://doi.org/10.1007/978-3-642-17499-5_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17498-8

  • Online ISBN: 978-3-642-17499-5
