Abstract
In this paper we present experimental results of an application of SAT solvers in current cryptography. Trivium is a very promising stream cipher candidate in the final phase of the eSTREAM project. We use the fastest industrial SAT solvers to attack a reduced version of Trivium called Bivium. Our experimental attack time using the SAT solver is the best attack time that we are aware of; it is faster than the following attacks: exhaustive search, a BDD-based attack, a graph-theoretic approach and an attack based on Gröbner bases. The attack recovers the internal state of the cipher by first setting up an equation system describing the internal state, then transforming it into CNF and then solving it. When one implements this attack, several questions have to be answered and several parameters have to be optimised.
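The equation-system-to-CNF step the abstract describes, as an added illustration that is not the paper's own code: it simulates the Bivium B update rule (assumed here to be the two Trivium registers of 93 and 84 bits, so the 177 unknown state bits become CNF variables 1..177), introduces a fresh variable per XOR/AND gate with Tseitin-style clauses, and constrains each observed keystream bit. The `Cnf` class, `build_cnf` and `to_dimacs` are this example's own names, and `SAMPLE_STATE` is a constructed input; a DIMACS file produced by `to_dimacs` is what a solver such as MiniSat would consume.

```python
class Cnf:
    """Clause set plus gate definitions, so a candidate state can be extended to the aux vars."""
    def __init__(self, nvars):
        self.nvars, self.clauses, self.gates = nvars, [], []

    def fresh(self):
        self.nvars += 1
        return self.nvars

    def xor(self, a, b):           # c = a XOR b (four clauses forbid the four wrong rows)
        c = self.fresh()
        self.clauses += [[-a, -b, -c], [a, b, -c], [a, -b, c], [-a, b, c]]
        self.gates.append(("xor", a, b, c))
        return c

    def and_(self, a, b):          # c = a AND b (the nonlinear terms s91*s92 and s175*s176)
        c = self.fresh()
        self.clauses += [[-c, a], [-c, b], [c, -a, -b]]
        self.gates.append(("and", a, b, c))
        return c

    def fix_xor(self, a, b, z):    # keystream constraint a XOR b = z for a known bit z
        self.clauses += [[a, b], [-a, -b]] if z else [[-a, b], [a, -b]]

    def satisfied_by(self, state):  # evaluate gates in order, then check every clause
        val = {i + 1: bit for i, bit in enumerate(state)}
        for op, a, b, c in self.gates:
            val[c] = val[a] ^ val[b] if op == "xor" else val[a] & val[b]
        return all(any(val[abs(l)] == (l > 0) for l in cl) for cl in self.clauses)

def bivium_clock(s):  # one clock on a 177-bit list; paper index s_i is s[i-1] here
    t1, t2 = s[65] ^ s[92], s[161] ^ s[176]
    z = t1 ^ t2
    t1 ^= (s[90] & s[91]) ^ s[170]
    t2 ^= (s[174] & s[175]) ^ s[68]
    return [t2] + s[:92] + [t1] + s[93:176], z

def keystream(state, n):
    out = []
    for _ in range(n):
        state, z = bivium_clock(state)
        out.append(z)
    return out

def build_cnf(ks):  # symbolic clocks: same structure as bivium_clock, but over variable ids
    cnf, v = Cnf(177), list(range(1, 178))
    for z in ks:
        t1, t2 = cnf.xor(v[65], v[92]), cnf.xor(v[161], v[176])
        cnf.fix_xor(t1, t2, z)
        t1n = cnf.xor(cnf.xor(t1, cnf.and_(v[90], v[91])), v[170])
        t2n = cnf.xor(cnf.xor(t2, cnf.and_(v[174], v[175])), v[68])
        v = [t2n] + v[:92] + [t1n] + v[93:176]
    return cnf

def to_dimacs(cnf):  # DIMACS CNF: header line, then each clause terminated by 0
    head = "p cnf %d %d" % (cnf.nvars, len(cnf.clauses))
    return "\n".join([head] + [" ".join(map(str, cl)) + " 0" for cl in cnf.clauses])

SAMPLE_STATE = [(i * i + 3 * i) % 7 & 1 for i in range(177)]  # constructed, not a real secret
```

With 177 keystream bits the system has as many constraints as unknown state bits; each clock adds 8 auxiliary variables and 32 clauses, which is the size the solver has to cope with before any of the paper's parameter tuning.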
© 2008 Springer-Verlag Berlin Heidelberg
Eibach, T., Pilz, E., Völkel, G. (2008). Attacking Bivium Using SAT Solvers. In: Kleine Büning, H., Zhao, X. (eds) Theory and Applications of Satisfiability Testing – SAT 2008. SAT 2008. Lecture Notes in Computer Science, vol 4996. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79719-7_7
DOI: https://doi.org/10.1007/978-3-540-79719-7_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79718-0
Online ISBN: 978-3-540-79719-7