
Cryptanalysis of Ciminion

  • Conference paper
Information Security and Cryptology (Inscrypt 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13837))


Abstract

Ciminion is a symmetric cryptographic algorithm proposed by Dobraunig et al. at EUROCRYPT 2021 [15], built from Toffoli gates over \(\mathbb {F}_{2^n}\) or \(\mathbb {F}_p\). Because of its low multiplicative complexity, it is a symmetric-key primitive friendly to multiparty computation (MPC), fully homomorphic encryption (FHE) and zero-knowledge (ZK) applications. At the time of writing there was no published third-party cryptanalysis of this algorithm (see also Note 1). In this paper we give the first analysis of Ciminion based on higher-order differential cryptanalysis and integral cryptanalysis. We consider three sets of instances, namely the “standard” set, the “conservative” set and the instances used in the MPC application, and construct the corresponding reduced-round distinguishers over \(\mathbb {F}_{2^n}\) and \(\mathbb {F}_p\), respectively. We also observe a linear relation between the input and output of the round function, and from this observation derive a new set of weak round random numbers. For an aggressive variant of Ciminion called Aiminion, we recover the subkeys under these weak random numbers. Although we cannot recover the master key, the disclosure of the subkeys is itself a potential threat to the algorithm. Our results provide guidance to designers on the choice of round random numbers.
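To make the higher-order differential distinguisher named in the abstract concrete, here is an added Python example; it is not code from the paper or from the Ciminion designers. It builds a toy three-word round from a single Toffoli gate over \(\mathbb {F}_p\) followed by an assumed linear layer (this is not Ciminion's round function; the prime modulus and the round constants are assumptions as well), tracks an upper bound on the algebraic degree round by round, and shows that the derivative of order one more than that bound, taken along arbitrary directions, vanishes for the round-reduced permutation but not for a random function of the same shape. A real attack substitutes the target's round function and picks the directions to fit its data limit.

```python
"""Higher-order differential (zero-sum) distinguisher over F_p.

Added illustration, not code from the paper. The round function is a TOY
built from one Toffoli gate plus an assumed linear layer; it is not
Ciminion's round function, and the round constants are drawn at random.
"""
import hashlib
import random

P = 2**61 - 1  # assumed prime modulus; any large prime works for the argument


def toffoli_round(state, rc):
    """One toy round: a Toffoli gate (the only non-linear step, degree 2)
    followed by an assumed linear layer with three round constants."""
    a, b, c = state
    c = (c + a * b) % P
    return ((b + rc[0]) % P, (c + rc[1]) % P, (a + c + rc[2]) % P)


def permutation(state, rcs):
    for rc in rcs:
        state = toffoli_round(state, rc)
    return state


def degree_bound(rounds):
    """Upper bound on the algebraic degree of each output word in the three
    input words (a, b, c), tracked round by round: the Toffoli gate adds the
    degrees of a and b, the linear layer only takes maxima."""
    da = db = dc = 1
    for _ in range(rounds):
        dc = max(dc, da + db)             # c + a*b
        da, db, dc = db, dc, max(da, dc)  # (b, c', a + c')
    return da, db, dc


def higher_order_derivative(f, x, dirs):
    """k-th order derivative of f at x along dirs[0..k-1]:
    sum over subsets S of (-1)^(k-|S|) * f(x + sum_{i in S} dirs[i]).
    Each derivative lowers the degree by at least one, so the (D+1)-th
    derivative of a map of degree <= D is identically zero."""
    k = len(dirs)
    total = [0, 0, 0]
    for mask in range(1 << k):
        pt = list(x)
        bits = 0
        for i in range(k):
            if mask >> i & 1:
                bits += 1
                pt = [(pt[j] + dirs[i][j]) % P for j in range(3)]
        sign = 1 if (k - bits) % 2 == 0 else P - 1   # -1 mod P
        out = f(tuple(pt))
        total = [(total[j] + sign * out[j]) % P for j in range(3)]
    return tuple(total)


def _setup(rounds, seed):
    rng = random.Random(seed)
    rcs = [tuple(rng.randrange(P) for _ in range(3)) for _ in range(rounds)]
    x = tuple(rng.randrange(P) for _ in range(3))
    return rng, rcs, x


def zero_sum_distinguisher(rounds, seed=1):
    """(D+1)-th order derivative of the round-reduced toy permutation, where D
    is the tracked degree bound. Always (0, 0, 0); data cost 2^(D+1) queries."""
    rng, rcs, x = _setup(rounds, seed)
    D = max(degree_bound(rounds))
    dirs = [tuple(rng.randrange(P) for _ in range(3)) for _ in range(D + 1)]
    return higher_order_derivative(lambda s: permutation(s, rcs), x, dirs)


def word_zero_sum(rounds, word, seed=1):
    """Same check on one output word, using that word's own smaller bound."""
    rng, rcs, x = _setup(rounds, seed)
    D = degree_bound(rounds)[word]
    dirs = [tuple(rng.randrange(P) for _ in range(3)) for _ in range(D + 1)]
    return higher_order_derivative(lambda s: permutation(s, rcs), x, dirs)[word]


def random_function_control(rounds, seed=1):
    """Control: the same derivative of a SHA-256-based random function is
    nonzero with probability 1 - 1/P per word, so the zero-sum really
    separates the round-reduced toy cipher from a random map."""
    rng, _, x = _setup(rounds, seed)
    D = max(degree_bound(rounds))
    dirs = [tuple(rng.randrange(P) for _ in range(3)) for _ in range(D + 1)]

    def oracle(s):
        h = hashlib.sha256(repr(s).encode()).digest()
        return tuple(int.from_bytes(h[8 * j:8 * j + 8], "big") % P for j in range(3))

    return higher_order_derivative(oracle, x, dirs)


if __name__ == "__main__":
    for r in (3, 4, 5):
        print(r, degree_bound(r), zero_sum_distinguisher(r), random_function_control(r))
```

The cost of the distinguisher is 2^(D+1) chosen inputs, so the number of rounds it reaches is set by how fast the tracked degree grows against the data limit of the instance; a tighter degree bound (per word, as in `word_zero_sum`) buys rounds at the same cost.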


Notes

  1. Recently, the work [7] in ToSC 2022 gave an analysis of Ciminion. It constructs a new polynomial system to recover the full internal state. The idea differs from ours, so it is not described in detail here; interested readers can refer to [7].

  2. \(\oplus \) is replaced by +, the addition modulo p on \(\mathbb {F}_p\).

  3. Note that this analysis holds only for certain large primes, namely those for which a subspace T satisfying the condition exists.

  4. From Sect. 2.1, we know that the random numbers used in \(P_E\) are the round random numbers of the last 9 rounds of \(P_C\).

  5. For Aiminion, the data limit is \(2^{\frac{s}{2}}\) elements, so the number of stream keys we use is at most \(2^{\frac{s}{2}}\).

References

  1. Albrecht, M.R., Cid, C., Grassi, L., Khovratovich, D., Lüftenegger, R., Rechberger, C., Schofnegger, M.: Algebraic cryptanalysis of STARK-friendly designs: application to MARVELlous and MiMC. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019, Part III. LNCS, vol. 11923, pp. 371–397. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34618-8_13

  2. Albrecht, M.R., et al.: Feistel structures for MPC, and more. In: Sako, K., Schneider, S., Ryan, P.Y.A. (eds.) ESORICS 2019, Part II. LNCS, vol. 11736, pp. 151–171. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-29962-0_8

  3. Albrecht, M., Grassi, L., Rechberger, C., Roy, A., Tiessen, T.: MiMC: efficient encryption and cryptographic hashing with minimal multiplicative complexity. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016, Part I. LNCS, vol. 10031, pp. 191–219. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53887-6_7

  4. Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part I. LNCS, vol. 9056, pp. 430–454. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_17

  5. Aly, A., Ashur, T., Ben-Sasson, E., Dhooghe, S., Szepieniec, A.: Design of symmetric-key primitives for advanced cryptographic protocols. IACR Trans. Symmetric Cryptol. 2020(3), 1–45 (2020). https://doi.org/10.13154/tosc.v2020.i3.1-45

  6. Ashur, T., Dhooghe, S.: MARVELlous: a STARK-friendly family of cryptographic primitives. Cryptology ePrint Archive, Report 2018/1098 (2018). https://eprint.iacr.org/2018/1098

  7. Bariant, A., Bouvier, C., Leurent, G., Perrin, L.: Algebraic attacks against some arithmetization-oriented primitives. IACR Trans. Symmetric Cryptol. 2022(3), 73–101 (2022). https://doi.org/10.46586/tosc.v2022.i3.73-101

  8. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak SHA-3 submission (version 3.0) (2011)

  9. Beyne, T., et al.: Out of oddity – new cryptanalytic techniques against symmetric primitives optimized for integrity proof systems. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020, Part III. LNCS, vol. 12172, pp. 299–328. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_11

  10. Canteaut, A., et al.: Stream ciphers: a practical solution for efficient homomorphic-ciphertext compression. J. Cryptol. 31(3), 885–916 (2018). https://doi.org/10.1007/s00145-017-9273-9

  11. Carlet, C., Charpin, P., Zinoviev, V.: Codes, bent functions and permutations suitable for DES-like cryptosystems. Des. Codes Cryptogr. 15(2), 125–156 (1998)

  12. Cid, C., Grassi, L., Gunsing, A., Lüftenegger, R., Rechberger, C., Schofnegger, M.: Influence of the linear layer on the algebraic degree in SP-networks. Cryptology ePrint Archive, Report 2020/536 (2020). https://eprint.iacr.org/2020/536

  13. Dinur, I., Kales, D., Promitzer, A., Ramacher, S., Rechberger, C.: Linear equivalence of block ciphers with partial non-linear layers: application to LowMC. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019, Part I. LNCS, vol. 11476, pp. 343–372. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_12

  14. Dobraunig, C., et al.: Rasta: a cipher with low ANDdepth and few ANDs per bit. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018, Part I. LNCS, vol. 10991, pp. 662–692. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_22

  15. Dobraunig, C., Grassi, L., Guinet, A., Kuijsters, D.: Ciminion: symmetric encryption based on Toffoli-gates over large finite fields. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021, Part II. LNCS, vol. 12697, pp. 3–34. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77886-6_1

  16. Eichlseder, M., et al.: An algebraic attack on ciphers with low-degree round functions: application to full MiMC. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020, Part I. LNCS, vol. 12491, pp. 477–506. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64837-4_16

  17. Grassi, L., Khovratovich, D., Rechberger, C., Roy, A., Schofnegger, M.: Poseidon: a new hash function for zero-knowledge proof systems. In: Bailey, M., Greenstadt, R. (eds.) 30th USENIX Security Symposium, USENIX Security 2021, 11–13 August 2021, pp. 519–535. USENIX Association (2021). https://www.usenix.org/conference/usenixsecurity21/presentation/grassi

  18. Grassi, L., Lüftenegger, R., Rechberger, C., Rotaru, D., Schofnegger, M.: On a generalization of substitution-permutation networks: the HADES design strategy. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020, Part II. LNCS, vol. 12106, pp. 674–704. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_23

  19. Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-60590-8_16

  20. Knudsen, L.R., Rijmen, V.: Known-key distinguishers for some block ciphers. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 315–324. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76900-2_19

  21. Knudsen, L., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45661-9_9

  22. Lai, X.: Higher order derivatives and differential cryptanalysis. In: Blahut, R.E., Costello, D.J., Maurer, U., Mittelholzer, T. (eds.) Communications and Cryptography. The Springer International Series in Engineering and Computer Science, vol. 276, pp. 227–233. Springer, Boston (1994). https://doi.org/10.1007/978-1-4615-2694-0_23

  23. Méaux, P., Journault, A., Standaert, F.-X., Carlet, C.: Towards stream ciphers for efficient FHE with low-noise ciphertexts. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016, Part I. LNCS, vol. 9665, pp. 311–343. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_13

  24. NIST: SHA-3 standard: permutation-based hash and extendable-output functions. FIPS PUB 202 (2015)

  25. Toffoli, T.: Reversible computing. In: de Bakker, J., van Leeuwen, J. (eds.) ICALP 1980. LNCS, vol. 85, pp. 632–644. Springer, Heidelberg (1980). https://doi.org/10.1007/3-540-10003-2_104


Acknowledgement

This work was supported by the National Natural Science Foundation of China (Grant No. 61872359, 62122085 and 61936008), the National Key R&D Program of China (Grant No. 2020YFB1805402), and the Youth Innovation Promotion Association of the Chinese Academy of Sciences.

Author information


Correspondence to Meicheng Liu or Dongdai Lin.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Zhang, L., Liu, M., Li, S., Lin, D. (2023). Cryptanalysis of Ciminion. In: Deng, Y., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2022. Lecture Notes in Computer Science, vol 13837. Springer, Cham. https://doi.org/10.1007/978-3-031-26553-2_12


  • DOI: https://doi.org/10.1007/978-3-031-26553-2_12


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-26552-5

  • Online ISBN: 978-3-031-26553-2

