Advertisement

Rigorous Bounds on Cryptanalytic Time/Memory Tradeoffs

  • Elad Barkan
  • Eli Biham
  • Adi Shamir
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4117)

Abstract

In this paper we formalize a general model of cryptanalytic time/memory tradeoffs for the inversion of a random function f:{0,1,..., N–1} ↦{0,1,..., N–1}. The model contains all the known tradeoff techniques as special cases. It is based on a new notion of stateful random graphs. The evolution of a path in the stateful random graph depends on a hidden state such as the color in the Rainbow scheme or the table number in the classical Hellman scheme. We prove an upper bound on the number of images y=f(x) for which f can be inverted, and derive from it a lower bound on the number of hidden states. These bounds hold for an overwhelming majority of the functions f, and their proofs are based on a rigorous combinatorial analysis. With some additional natural assumptions on the behavior of the online phase of the scheme, we prove a lower bound on its worst-case time complexity \(T=\Omega(\frac{N^2}{M^2 \ln N})\), where M is the memory complexity. Finally, we describe new rainbow-based time/memory/data tradeoffs, and a new method for improving the time complexity of the online phase (by a small factor) by performing a deeper analysis during preprocessing.

Keywords

Time/memory tradeoff time/memory/data tradeoff rigorous lower bound hidden state stateful random graph Hellman Rainbow Cryptanalysis 

References

  1. 1.
    Avoine, G., Junod, P., Oechslin, P.: Time-Memory Trade-Offs: False Alarm Detection Using Checkpoints (Extended Version) (2005), Available online on: http://lasecwww.epfl.ch/pub/lasec/doc/AJO05a.pdf
  2. 2.
    Babbage, S.: A Space/Time Tradeoff in Exhaustive Search Attacks on Stream Ciphers. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070. Springer, Heidelberg (1996), Available online on: http://www.iacr.org/conferences/ec96/rump/ Google Scholar
  3. 3.
    Barkan, E.: Cryptanalysis of Ciphers and Protocols, Ph.D. Thesis (2006), http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-info.cgi?2006/PHD/+PHD-2006-04+
  4. 4.
    Biham, E.: How to decrypt or even substitute DES-encrypted messages in 228 steps. Information Processing Letters 84(3), 117–124 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Biryukov, A.: Some Thoughts on Time-Memory-Data Tradeoffs, IACR ePrint Report 2005/207 (2005), http://eprint.iacr.org/2005/207.pdf+
  6. 6.
    Biryukov, A., Shamir, A.: Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Biryukov, A., Mukhopadhyay, S., Sarkar, P.: Improved Time-Memory Trade-Offs with Multiple Data. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 110–127. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Borst, J., Preneel, B., Vandewalle, J.: On the Time-Memory Tradeoff Between Exhaustive Key Search and Table Precomputation. In: Proceedings of 19th Symposium on Information Theory in the Benelux, Veldhoven (NL), pp. 111–118 (1998)Google Scholar
  9. 9.
    Fiat, A., Naor, M.: Rigorous Time Space Tradeoffs for Inverting Functions. In: STOC 1991, pp. 534–541. ACM Press, New York (1991)CrossRefGoogle Scholar
  10. 10.
    Fiat, A., Naor, M.: Rigorous Time Space Tradeoffs for Inverting Functions. SIAM Journal on Computing 29(3), 790–803 (1999)CrossRefMathSciNetGoogle Scholar
  11. 11.
    Hellman, M.E.: A Cryptanalytic Time-Memory Trade-Off. IEEE Transactions on Information Theory IT-26(4), 401–406 (1980)CrossRefMathSciNetGoogle Scholar
  12. 12.
    Il-Jun, K., Tsutomu, M.: Achieving Higher Success Probability in Time-Memory Trade-Off Cryptanalysis without Increasing Memory Size. IEICE Transactions on Fundamentals E82-A(1), 123–129 (1999)Google Scholar
  13. 13.
    Kusuda, K., Matsumoto, T.: Optimization of Time-Memory Trade-Off Cryptanalysis and Its Application to DES, FEAL-32, and Skipjack. IEICE Transactions on Fundamentals E79-A(1), 35–48 (1996)Google Scholar
  14. 14.
    Oechslin, P.: Making a Faster Cryptanalytic Time-Memory Trade-Off. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 617–630. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Francois-Xavier, S., Gael, R., Jean-Jacques, Q., Jean-Didier, L.: A Time-Memory Tradeoff Using Distinguished Points: New Analysis & FPGA Results. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 593–609. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Chi-Chih, Y.A.: Coherent Functions and Program Checkers (Extended Abstract). In: STOC 1990, pp. 84–94. ACM Press, New York (1990)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Elad Barkan
    • 1
  • Eli Biham
    • 1
  • Adi Shamir
    • 2
  1. 1.Technion – Israel Institute of TechnologyComputer Science DepartmentHaifaIsrael
  2. 2.Department of Computer Science and Applied MathematicsThe Weizmann InstituteRehovotIsrael

Personalised recommendations