Algebraic, AIDA/Cube and Side Channel Analysis of KATAN Family of Block Ciphers

  • Conference paper
Progress in Cryptology - INDOCRYPT 2010 (INDOCRYPT 2010)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6498)

Abstract

This paper presents the first results on AIDA/cube, algebraic and side-channel attacks on a variable number of rounds of all members of the KATAN family of block ciphers. Our cube attacks reach 60, 40 and 30 rounds of KATAN32, KATAN48 and KATAN64, respectively. In our algebraic attacks, we use SAT solvers as a tool to solve the system of quadratic equations representing each KATAN cipher. We introduce a novel pre-processing stage applied to the equation system before it is fed to the SAT solver; with it, we break 79, 64 and 60 rounds of KATAN32, KATAN48 and KATAN64, respectively. We show how to perform side-channel attacks on the full 254-round KATAN32 given one-bit information leakage from the internal state, using cube attacks. Finally, we show how to reduce the attack complexity by combining the cube attack with the algebraic attack to recover the full 80-bit key. Further contributions include new phenomena observed in cube, algebraic and side-channel attacks on the KATAN ciphers. For the cube attacks, we observed that the same maxterms suggested more than one cube equation, thus reducing the overall data and time complexities. For the algebraic attacks, the novel pre-processing step led to a speed-up of the SAT solver program. For the side-channel attacks, 29 linearly independent cube equations were recovered after 40-round KATAN32. Finally, in the combined algebraic and cube attack, a leakage of key bits after 71 rounds led to a speed-up of the algebraic attack.
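The abstract reports round counts reached by cube attacks, but not the mechanics behind them. The following is an added illustration, not code from the paper and not an implementation of KATAN: it runs the generic cube-attack procedure (Dinur and Shamir's framework) against a constructed toy polynomial `p(v, k)` over GF(2) in four public bits and three key bits. It shows the three steps the paper's attacks rely on: summing the black box over a cube to obtain the superpoly, deciding whether a cube is a maxterm with the Blum-Luby-Rubinfeld linearity test, and reading the affine superpoly coefficients off the cube sums so that each maxterm gives one linear equation in the key bits, which are then recovered by elimination over GF(2). The polynomial, the cube search set `CANDIDATE_CUBES` and the secret key are all constructed for the example; against a real cipher the same procedure is run with the round-reduced cipher as the black box and the cube search is the expensive part.

```python
"""Toy cube attack over GF(2): offline maxterm search, then online key recovery.
Added example; not the paper's code and not KATAN. The black box is a constructed
polynomial p(v, k) in 4 public bits v and 3 secret key bits k."""
import itertools
import random

N_PUB, N_KEY = 4, 3                       # constructed sizes


def toy_cipher(v, k):
    """Constructed black box p(v, k) over GF(2); v and k are lists of 0/1 bits."""
    v0, v1, v2, v3 = v
    k0, k1, k2 = k
    return ((v0 & v1 & (k0 ^ k2 ^ 1))     # cube {v0,v1}: superpoly k0+k2+1
            ^ (v0 & v1 & v2 & k0 & k1)    # vanishes when v2 is fixed to 0
            ^ (v2 & v3 & (k0 ^ k1))       # cube {v2,v3}: superpoly k0+k1
            ^ (v1 & v2 & k2)              # cube {v1,v2}: superpoly k2
            ^ (v3 & k1 & k2)              # cube {v3}: superpoly k1*k2 (nonlinear)
            ^ (v0 & k1)                   # cube {v0}: superpoly k1
            ^ (k0 & k1 & k2))             # key-only term, cancels in every cube sum


def int_to_bits(x, n):
    return [(x >> i) & 1 for i in range(n)]


def cube_sum(f, cube, key, n_pub=N_PUB):
    """XOR f(v, key) over all 2^|cube| settings of the cube bits, the remaining
    public bits fixed to 0. By the cube theorem this equals the superpoly at key."""
    acc = 0
    for bits in itertools.product((0, 1), repeat=len(cube)):
        v = [0] * n_pub
        for idx, b in zip(cube, bits):
            v[idx] = b
        acc ^= f(v, key)
    return acc


def is_linear(f, cube, n_key=N_KEY, trials=None, seed=0):
    """Blum-Luby-Rubinfeld test on g(k) = cube_sum(f, cube, k): an affine g
    satisfies g(x) ^ g(y) ^ g(0) == g(x ^ y). Exhaustive for tiny keys."""
    def g(kx):
        return cube_sum(f, cube, int_to_bits(kx, n_key))
    g0 = g(0)
    if trials is None and n_key <= 6:
        pairs = itertools.product(range(1 << n_key), repeat=2)
    else:
        rng = random.Random(seed)
        pairs = ((rng.getrandbits(n_key), rng.getrandbits(n_key))
                 for _ in range(trials or 64))
    return all(g(x) ^ g(y) ^ g0 == g(x ^ y) for x, y in pairs)


def extract_superpoly(f, cube, n_key=N_KEY):
    """For a maxterm, recover the affine superpoly c + sum_i a_i*k_i from
    c = g(0) and a_i = g(e_i) ^ c. Returns (coefficient bitmask, c)."""
    c = cube_sum(f, cube, [0] * n_key)
    mask = 0
    for i in range(n_key):
        e_i = [1 if j == i else 0 for j in range(n_key)]
        if cube_sum(f, cube, e_i) ^ c:
            mask |= 1 << i
    return mask, c


def solve_gf2(rows, n):
    """Gauss-Jordan elimination over GF(2); rows = [(coef_mask, rhs), ...].
    Returns the unique solution as a bit list, or None if under-determined."""
    rows = [list(r) for r in rows]
    for col in range(n):
        piv = next((r for r in range(col, len(rows)) if (rows[r][0] >> col) & 1), None)
        if piv is None:
            return None
        rows[col], rows[piv] = rows[piv], rows[col]
        for r in range(len(rows)):
            if r != col and (rows[r][0] >> col) & 1:
                rows[r][0] ^= rows[col][0]
                rows[r][1] ^= rows[col][1]
    return [rows[i][1] for i in range(n)]


CANDIDATE_CUBES = [(0, 1), (2, 3), (1, 2), (3,), (0,)]   # constructed search set


def cube_attack(f, candidate_cubes, secret_key, n_key=N_KEY):
    """Offline: keep cubes whose superpoly passes the linearity test and read it
    off. Online: one cube sum per maxterm through the keyed oracle gives one
    linear equation in the key bits; solve the resulting system."""
    maxterms = [(cube, extract_superpoly(f, cube, n_key))
                for cube in candidate_cubes if is_linear(f, cube, n_key)]

    def oracle(v, _unused):               # attacker only sees v -> p(v, secret)
        return f(v, secret_key)

    equations = [(mask, cube_sum(oracle, cube, None) ^ c)
                 for cube, (mask, c) in maxterms]
    return maxterms, solve_gf2(equations, n_key)


if __name__ == "__main__":
    secret = [1, 0, 1]                    # constructed secret key (k0, k1, k2)
    found, recovered = cube_attack(toy_cipher, CANDIDATE_CUBES, secret)
    for cube, (mask, c) in found:
        terms = [f"k{i}" for i in range(N_KEY) if (mask >> i) & 1] + (["1"] if c else [])
        print(f"maxterm {cube}: superpoly = {' + '.join(terms)}")
    print("recovered key:", recovered, "correct:", recovered == secret)
```

Of the five candidate cubes, `(3,)` is rejected by the linearity test because its superpoly is the product k1*k2; the other four are maxterms and yield four consistent linear equations of rank 3, enough to recover the key. Because the key space here is tiny the test runs over every pair exhaustively; for a real key length the randomized form with a few dozen trials is used, and a nonlinear superpoly slips through with probability that decays exponentially in the number of trials.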

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bard, G.V., Courtois, N.T., Nakahara, J., Sepehrdad, P., Zhang, B. (2010). Algebraic, AIDA/Cube and Side Channel Analysis of KATAN Family of Block Ciphers. In: Gong, G., Gupta, K.C. (eds) Progress in Cryptology - INDOCRYPT 2010. INDOCRYPT 2010. Lecture Notes in Computer Science, vol 6498. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17401-8_14

  • DOI: https://doi.org/10.1007/978-3-642-17401-8_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17400-1

  • Online ISBN: 978-3-642-17401-8

  • eBook Packages: Computer Science (R0)
