Algebraic Precomputations in Differential and Integral Cryptanalysis

  • Martin Albrecht
  • Carlos Cid
  • Thomas Dullien
  • Jean-Charles Faugère
  • Ludovic Perret
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6584)

Abstract

Algebraic cryptanalysis is a general tool which permits one to assess the security of a wide range of cryptographic schemes. Algebraic techniques have been successfully applied against a number of multivariate schemes and stream ciphers. Yet, their feasibility against block ciphers remains the source of much speculation. In this context, algebraic techniques have mainly been deployed in order to solve a system of equations arising from the cipher, so far with limited success. In this work we propose a different approach: to use Gröbner basis techniques to compute structural features of block ciphers, which may then be used to improve “classical” differential and integral attacks. We illustrate our techniques against the block ciphers Present and Ktantan32.

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Martin Albrecht (1)
  • Carlos Cid (1)
  • Thomas Dullien (2)
  • Jean-Charles Faugère (3)
  • Ludovic Perret (3)

  1. Information Security Group, Royal Holloway, University of London, Egham, United Kingdom
  2. Lehrstuhl für Kryptologie und IT-Sicherheit, Ruhr-Universität Bochum, Bochum, Germany
  3. SALSA Project - INRIA (Centre Paris-Rocquencourt), UPMC, Univ Paris 06 - CNRS, UMR 7606, LIP6, Paris, France