Schloss Dagstuhl - Leibniz-Zentrum für Informatik GmbH Schloss Dagstuhl - Leibniz-Zentrum für Informatik GmbH scholarly article en Aumasson, Jean-Philippe; Dinur, Itai; Meier, Willi; Shamir, Adi License
when quoting this document, please refer to the following
URN: urn:nbn:de:0030-drops-19443

; ; ;

Cube Testers and Key Recovery Attacks On Reduced-Round MD6 and Trivium



CRYPTO 2008 saw the introduction of the hash function MD6 and of cube attacks, a type of algebraic attack applicable to cryptographic functions having a low-degree algebraic normal form over GF(2). This paper applies cube attacks to reduced round MD6, finding the full 128-bit key of a 14-round MD6 with complexity 2\^22 (which takes less than a minute on a single PC). This is the best key recovery attack announced so far for MD6. We then introduce a new class of attacks called cube testers, based on efficient property-testing algorithms, and apply them to MD6 and to the stream cipher Trivium. Unlike the standard cube attacks, cube testers detect nonrandom behavior rather than performing key extraction, but they can also attack cryptographic schemes described by nonrandom polynomials of relatively high degree. Applied to MD6, cube testers detect nonrandomness over 18 rounds in 2\^17 complexity; applied to a slightly modified version of the MD6 compression function, they can distinguish 66 rounds from random in 2\^24 complexity. Cube testers give distinguishers on Trivium reduced to 790 rounds from random with 2^30 complexity and detect nonrandomness over 885 rounds in 2\^27, improving on the original 767-round cube attack.

BibTeX - Entry

  author =	{Jean-Philippe Aumasson and Itai Dinur and Willi Meier and Adi Shamir},
  title =	{Cube Testers and Key Recovery Attacks On Reduced-Round MD6 and Trivium},
  booktitle =	{Symmetric Cryptography },
  year =	{2009},
  editor =	{Helena Handschuh and Stefan Lucks and Bart Preneel and Phillip Rogaway},
  number =	{09031},
  series =	{Dagstuhl Seminar Proceedings},
  ISSN =	{1862-4405},
  publisher =	{Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany},
  address =	{Dagstuhl, Germany},
  URL =		{},
  annote =	{Keywords: Cube attacks, property testing, MD6, Trivium}

Keywords: Cube attacks, property testing, MD6, Trivium
Seminar: 09031 - Symmetric Cryptography
Issue date: 2009
Date of publication: 30.03.2009

DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI