Paper 2022/1518

An Experimentally Verified Attack on 820-Round Trivium (Full Version)

Cheng Che
Tian Tian
Abstract

The cube attack is one of the most important cryptanalytic techniques against Trivium. As the method of recovering superpolies becomes more and more effective, another problem of cube attacks, i.e., how to select cubes corresponding to balanced superpolies, is attracting more and more attention. It is well-known that a balanced superpoly could be used in both theoretical and practical analyses. In this paper, we present a novel framework to search for valuable cubes whose superpolies have an independent secret variable each, i.e., a linear variable not appearing in any nonlinear term. To control online complexity, valuable cubes are selected from very few large cubes. New ideas are given on the large cube construction and the subcube sieve. For the verification of this new algorithm, we apply it to Trivium. For 815-round Trivium, using one cube of size 47, we obtain more than 200 balanced superpolies containing 68 different independent secret variables. To make a trade-off between the number of cubes and computation complexity, we choose 35 balanced superpolies and mount a key-recovery attack on 815-round Trivium with a complexity of $2^{47.32}$. For 820-round Trivium, using two cubes of size 52, we obtain more than 100 balanced superpolies, which contain 54 different independent secret variables. With 30 balanced superpolies, we mount a key-recovery attack on 820-round Trivium with a complexity of $2^{53.17}$. Strong experimental evidence shows that the full key-recovery attacks on 815- and 820-round Trivium could be completed within six hours and two weeks on a PC with two RTX3090 GPUs, respectively.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Inscrypt 2022
Keywords
Cube Attacks Key-Recovery Attacks Division Property Trivium
Contact author(s)
che_cheng @ 126 com
tiantian_d @ 126 com
History
2022-11-16: revised
2022-11-03: received
See all versions
Short URL
https://ia.cr/2022/1518
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1518,
      author = {Cheng Che and Tian Tian},
      title = {An Experimentally Verified Attack on 820-Round Trivium (Full Version)},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1518},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1518}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.