Improved Algebraic Cryptanalysis of QUAD, Bivium and Trivium via Graph Partitioning on Equation Systems

  • Conference paper
Information Security and Privacy (ACISP 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6168))

Abstract

We present a novel approach for preprocessing systems of polynomial equations via graph partitioning. The variable-sharing graph of a system of polynomial equations is defined. If such a graph is disconnected, then the corresponding system of equations can be split into smaller ones that can be solved individually. This can provide a tremendous speed-up in computing the solution to the system, but is unlikely to occur either randomly or in applications. However, by deleting certain vertices on the graph, the variable-sharing graph could be disconnected in a balanced fashion, and in turn the system of polynomial equations would be separated into smaller systems of near-equal sizes. In graph theory terms, this process is equivalent to finding balanced vertex partitions with minimum-weight vertex separators. The techniques of finding these vertex partitions are discussed, and experiments are performed to evaluate their practicality for general graphs and systems of polynomial equations. Applications of this approach in algebraic cryptanalysis on symmetric ciphers are presented: For the QUAD family of stream ciphers, we show how a malicious party can manufacture conforming systems that can be easily broken. For the stream ciphers Bivium and Trivium, we achieve significant speedups in algebraic attacks against them, mainly in a partial key guess scenario. In each of these cases, the systems of polynomial equations involved are well-suited to our graph partitioning method. These results may open a new avenue for evaluating the security of symmetric ciphers against algebraic attacks.
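As an added illustration (not code from the paper), the preprocessing step described in the abstract on a constructed toy system: build the variable-sharing graph, check whether it is already disconnected, otherwise find the smallest balanced vertex separator, and split the equations into independent subsystems once the separator variables are fixed. The exhaustive separator search is a hypothetical stand-in for the heuristic partitioners a cipher-sized system would need.

```python
from itertools import combinations

# Constructed toy system over GF(2), recorded only by the variables each equation
# mentions (all the variable-sharing graph depends on). Equations 0-2 use x0..x2,
# 3-5 use x3..x5, and equation 6 links x2 to x3: connected, but with a 1-vertex separator.
TOY_SYSTEM = [
    {"x0", "x1"}, {"x1", "x2"}, {"x0", "x2"},
    {"x3", "x4"}, {"x4", "x5"}, {"x3", "x5"},
    {"x2", "x3"},
]

def variable_sharing_graph(system):
    """Vertices are variables; two are adjacent if some equation mentions both."""
    adj = {}
    for eq in system:
        for v in eq:
            adj.setdefault(v, set()).update(eq - {v})
    return adj

def components(adj, removed=frozenset()):
    """Connected components after deleting the vertices in `removed` (the separator)."""
    seen, comps = set(removed), []
    for start in adj:
        if start in seen:
            continue
        stack, comp = [start], set()
        while stack:
            v = stack.pop()
            if v not in seen:
                seen.add(v)
                comp.add(v)
                stack.extend(adj[v] - seen)
        comps.append(comp)
    return comps

def balanced_separator(adj, alpha=2 / 3):
    """Smallest vertex set whose deletion leaves >= 2 components, none above alpha*|V|.
    Exhaustive subset search: a toy stand-in for the heuristic partitioners real systems need."""
    verts = sorted(adj)
    for k in range(len(verts) + 1):
        for sep in combinations(verts, k):
            comps = components(adj, frozenset(sep))
            if len(comps) >= 2 and max(map(len, comps)) <= alpha * len(verts):
                return set(sep), comps
    return set(verts), []

def split_system(system, sep, comps):
    """After guessing the separator variables, each component's equations are an
    independent subsystem; equations with only separator variables become constants."""
    return [[eq for eq in system if (eq - sep) and (eq - sep) <= comp] for comp in comps]
```

Guessing the one separator variable turns one 6-variable system into a 2-variable and a 3-variable system, which is the partial-key-guess effect the abstract describes.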


Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Koon-Ho Wong, K., Bard, G.V. (2010). Improved Algebraic Cryptanalysis of QUAD, Bivium and Trivium via Graph Partitioning on Equation Systems. In: Steinfeld, R., Hawkes, P. (eds) Information Security and Privacy. ACISP 2010. Lecture Notes in Computer Science, vol 6168. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14081-5_2

  • DOI: https://doi.org/10.1007/978-3-642-14081-5_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14080-8

  • Online ISBN: 978-3-642-14081-5

  • eBook Packages: Computer Science, Computer Science (R0)
