Several MILP-Aided Attacks Against SNOW 2.0

  • Yuki Funabiki
  • Yosuke Todo
  • Takanori Isobe
  • Masakatu Morii
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11124)

Abstract

SNOW 2.0 is a software-oriented stream cipher that is internationally standardized in ISO/IEC 18033-4. In this paper, we present three attacks on SNOW 2.0 based on MILP-aided automatic search algorithms. First, we present an efficient algorithm for finding linear masks with high correlation, which enables us to improve the time and data complexities of the known fast correlation attacks. Then we propose a 17-round integral distinguisher (out of 32 rounds) by evaluating the propagation of the division property. Moreover, we propose a cube attack on 14-round SNOW 2.0 with time complexity \(2^{61.59}\), requiring \(2^{39}\) chosen IVs. To the best of our knowledge, these are the first investigations of integral and cube attacks on SNOW 2.0.

Keywords

Stream cipher, SNOW 2.0, Fast correlation attack, Division property, Integral distinguisher, Cube attack, MILP

Notes

Acknowledgment

This work was supported by JSPS KAKENHI Grant Numbers JP17K00184, JP17K12698.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Yuki Funabiki (1)
  • Yosuke Todo (2)
  • Takanori Isobe (3)
  • Masakatu Morii (1)

  1. Kobe University, Nada-ku, Kobe, Japan
  2. NTT Secure Platform Laboratories, Musashino, Tokyo, Japan
  3. University of Hyogo, Chuo-ku, Kobe, Japan