Improvements of Linearization-based Algebraic Attacks on Block Ciphers

Author

  • Satrajit Ghosh
Abstract

Algebraic attacks are studied as a potential cryptanalytic procedure for several cryptographic primitives. In an algebraic attack on a cipher, one expresses the encryption function as a system (usually overdefined) of multivariate polynomial equations in the bits of the plaintext, the ciphertext and the key, and subsequently solves the system for the unknown key bits from the knowledge of one or more plaintext/ciphertext pairs. The systems of equations arising from ciphers are typically multivariate polynomial equations over finite fields (usually, GF(2)). Algebraic techniques have been practically applied for solving systems available from some block ciphers, stream ciphers and public-key cryptosystems. However, the general complexity of algebraic attacks is poor—indeed poorer than exhaustive key search. In 2000, eXtended Linearization (XL) was introduced as a tool for solving systems of multivariate polynomial equations. The standard XL algorithm expands the initial system of equations by monomial multiplications. The expanded system is treated as a linear system in the monomials. Linear-algebra techniques are then used to solve for the monomials, and in particular, the unknown variables standing for the key. However, for most block ciphers (including the Advanced Encryption Standard (AES)), the monomial-multiplication phase yields linearized systems, solving which demands more effort than exhaustive key search. In this thesis, we first propose a heuristic strategy XL SGE to reduce the count of linearized equations in the expanded system. This reduction is achieved by decomposing the expansion stage of XL into a sequence of variable-multiplication stages, and applying structured Gaussian elimination (SGE) before each stage of variable multiplication. This first proposal XL SGE suffers from some drawbacks that impair the effectiveness of SGE-based reduction at all multiplication stages except the first.
In order to avoid this problem, we propose three improved variants of XL SGE. XL SGE-2 uses a partial monomial-multiplication strategy to curb the generation of linearized equations in a random (but controlled) fashion. We also handle a variant of SGE in which columns of weight two are eliminated without increasing the weight of the coefficient matrix (we call this variant XL SGE). In our third modification XL SGE-3, we use intelligent strategies to identify and remove many redundant equations before each variable-multiplication stage. In short, the key contribution of this thesis is the proposal of using SGE during the expansion phase of XL. (The subsequent linear-algebra phase is naturally expected to exploit SGE, anyway.) All of our modified algorithms have been experimentally verified to be substantially superior to XL SGE. Experimentation on small random systems indicates that the proposed XL SGE family has the potential to significantly improve upon the performance of XL in terms of the size of the final solvable system. We also experimented with a toy version of AES, and noticed significant performance gains achieved by XL SGE variants over XL. A theoretical analysis of the superiority of XL SGE over XL continues to remain an open area of research.
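The expand-then-linearize loop the abstract describes, as an added example that is not code from the thesis: a minimal XL over GF(2) on a constructed six-equation, four-variable quadratic system (the system, the function names and the degree-growth loop are all assumptions of this example). At D = 2 (plain linearization) every quadratic monomial is an independent unknown and no key bit is fixed; one round of variable multiplication (D = 3) already yields the rows x_i + a_i that pin down all four bits, at the price of five times as many linearized equations, which is the growth the SGE-based reduction in the thesis targets.

```python
from functools import reduce
from itertools import combinations

# A GF(2) polynomial is a set of monomials, each a frozenset of variable indices
# (so x_i^2 = x_i is implicit); frozenset() is the constant 1.  Constructed toy
# system: six quadratic equations f = 0 in four unknowns, unique solution (1,0,1,1).
TOY_SYSTEM = [{frozenset(m) for m in f} for f in [
    [(0, 1), (2,), ()],          # x0x1 + x2 + 1
    [(1, 3), (0,), ()],          # x1x3 + x0 + 1
    [(0, 2), (1,), ()],          # x0x2 + x1 + 1
    [(2, 3), (0,), (1,)],        # x2x3 + x0 + x1
    [(0, 3), (1, 2), (3,)],      # x0x3 + x1x2 + x3
    [(1, 2), (3,), ()],          # x1x2 + x3 + 1
]]

def mul(f, m):
    """f * m with x_i^2 -> x_i; colliding monomials cancel in pairs over GF(2)."""
    return reduce(set.symmetric_difference, ({mono | m} for mono in f), set())

def monomials(nvars, max_deg):
    return [frozenset(c) for d in range(max_deg + 1) for c in combinations(range(nvars), d)]

def gf2_rref(rows):
    """Fully reduced echelon form over GF(2); rows are bitmasks, pivot = lowest set bit."""
    basis = {}                               # pivot column -> row
    for r in rows:
        for c, b in basis.items():           # reduce r against every existing pivot
            if r >> c & 1:
                r ^= b
        if r:
            c = (r & -r).bit_length() - 1
            for k in basis:                  # clear the new pivot column elsewhere
                if basis[k] >> c & 1:
                    basis[k] ^= r
            basis[c] = r
    return basis

def xl_solve(eqs, nvars):
    """XL: multiply by all monomials of degree <= D-2, linearize, eliminate; raise D until solved."""
    for D in range(2, nvars + 3):
        rows = [p for f in eqs for m in monomials(nvars, D - 2) if (p := mul(f, m))]
        # Columns: high-degree monomials, then variables, then the constant, so a
        # variable the system fixes appears as a pivot row of the form x_i + a_i.
        cols = sorted({frozenset()} | {m for p in rows for m in p},
                      key=lambda m: (-len(m), sorted(m)))
        idx = {m: i for i, m in enumerate(cols)}
        const = idx[frozenset()]
        basis = gf2_rref([sum(1 << idx[m] for m in p) for p in rows])
        sol = {next(iter(cols[c])): row >> const & 1 for c, row in basis.items()
               if len(cols[c]) == 1 and row & ~(1 << c | 1 << const) == 0}
        if len(sol) == nvars:
            return sol, D
    return sol, D                            # partial answer: D never got large enough
```

With multipliers allowed up to degree nvars (D = nvars + 2) the loop is exhaustive for a system with a unique GF(2) solution, so a partial answer at smaller D shows only that the degree bound, not the method, was insufficient.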


Similar sources

Algebraic Attack Efficiency versus S-box Representation

Algebraic analysis of block ciphers aims at finding the secret key by solving a collection of polynomial equations that describe the internal structure of a cipher for chosen observations of plaintext/ciphertext pairs. Although algebraic attacks are addressed for cryptanalysis of block and stream ciphers, there is a lack of understanding of the impact of algebraic representation of the cipher o...


Design of Stream Ciphers and Cryptographic Properties of Nonlinear Functions

Block and stream ciphers are widely used to protect the privacy of digital information. A variety of attacks against block and stream ciphers exist; the most recent being the algebraic attacks. These attacks reduce the cipher to a simple algebraic system which can be solved by known algebraic techniques. These attacks have been very successful against a variety of stream ciphers a...


Algebraic Attacks on the Courtois Toy Cipher

Block ciphers are fundamental building blocks of modern cryptography. Recently, a new technique to attack block ciphers has emerged called “algebraic attacks”. These attacks work by expressing block ciphers as quadratic equation systems and solving those systems of equations. In May 2006 Nicolas Courtois – author of many influential research papers on algebraic attacks – presented a toy cipher c...


The Inverse S-Box, Non-linear Polynomial Relations and Cryptanalysis of Block Ciphers

This paper is motivated by the design of AES. We consider a broader question of cryptanalysis of block ciphers having very good non-linearity and diffusion. Can we expect anyway, to attack such ciphers, clearly designed to render hopeless the main classical attacks? Recently a lot of attention has been drawn to the existence of multivariate algebraic relations for AES (and other) S-boxes. Th...


Algebraic, AIDA/Cube and Side Channel Analysis of KATAN Family of Block Ciphers

This paper presents the first results on AIDA/cube, algebraic and side-channel attacks on a variable number of rounds of all members of the KATAN family of block ciphers. Our cube attacks reach 60, 40 and 30 rounds of KATAN32, KATAN48 and KATAN64, respectively. In our algebraic attacks, we use SAT solvers as a tool to solve the quadratic equations representation of all KATAN ciphers. We introduced...



Publication date: 2012