Abstract
Algebraic attacks have established themselves as a powerful method for the cryptanalysis of LFSR-based keystream generators (e.g., E 0 used in Bluetooth). The attack is based on solving an overdetermined system of low-degree equations R t =0, where R t is an expression in the state of the LFSRs at clock t and one or several successive keystream bits z t ,...,z t + δ .
In fast algebraic attacks, new equations of a lower degree are constructed in a precomputation step. This is done by computing appropriate linear combinations of T successive initial equations R t =0. The successive data complexity of the attack is the number T of successive equations.
We propose a new variant of fast algebraic attacks where the same approach is employed to eliminate some unknowns, making a divide-and-conquer attack possible. In some cases, our variant is applicable whereas the first one is not.
Both variants can have a high successive data complexity (e.g., T≥ 8.822.188 for E 0). We describe how to keep it to a minimum and introduce suitable efficient algorithms for the precomputation step.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Aho, A.V., Hopcroft, J.E., Ullman, J.D.: The design and Analysis of Computer Algorithms. Addison-Wesley, Reading (1974)
Armknecht, F., Krause, M.: Algebraic attacks on Combiners with Memory. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 162–175. Springer, Heidelberg (2003)
Armknecht, F.: Improving Fast Algebraic Attacks. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 65–82. Springer, Heidelberg (2004)
Armknecht, F.: On the existence of low-degree equations, Cryptology ePrint Archive: Report 2004/185
Biryukov, A., Shamir, A.: Cryptanalytic Time/Memory/Data tradeoffs for Stream Ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000)
Bluetooth SIG, Specification of the Bluetooth system, Version 1.1, February 22 (2001), Available at http://www.bluetooth.com/
Courtois, N.: Higher Order Correlation Attacks, XL Algorithm and Cryptanalysis of Toyocrypt. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 182–199. Springer, Heidelberg (2003), is available at http://eprint.iacr.org/2002/087/
Courtois, N., Meier, W.: Algebraic attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003), An extended version is available at http://www.minrnak.org/toyolili.pdf
Courtois, N.: Fast Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003)
Faugère, J.-C., Ars, G.: An algebraic cryptanalysis of nonlinear filter generators using Gröbner bases (2003), Available at http://www.inria.fr/rrrt/rr-4739.html
Dj, J.: Golic: Vectorial Boolean functions and induced algebraic equations. Cryptology ePrint Archive: Report 2004/225
Hawkes, P., Rose, G.G.: Rewriting Variables: the Complexity of Fast Algebraic Attacks on Stream Ciphers. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 390–406. Springer, Heidelberg (2004), Available at http://eprint.iacr.org/2004/081/
Krause, M.: BDD-Based Cryptanalysis of Keystream Generators. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 222–237. Springer, Heidelberg (2002)
Lidl, R., Niederreiter, H.: Introduction to finite fields an their applications. Cambridge University Press, Cambridge (1994)
Massey, J.L.: Shift-register synthesis and BCH decoding. IEEE Trans. Information Theory IT-15, 122–127 (1969)
Meier, W., Pasalic, E., Carlet, C.: Algebraic attacks and decomposition of Boolean functions. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 474–491. Springer, Heidelberg (2004)
Meier, W., Staffelbach, O.: Fast Correlation Attacks on certain Stream Ciphers. Journal of Cryptology, 159–176 (1989)
Schoenhage, A.: Schnelle Multiplikation von Polynomen über Körpern der Charakteristik 2. Acta Informatica 7, 395–398 (1977)
Simpson, L., Dawson, E., Golic, J., Millan, W.: LILI Keystream Generator. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 248–261. Springer, Heidelberg (2001), See http://www.isrc.qut.edu.au/lili/
Strassen, V.: Gaussian Elimination is Not Optimal. Numerische Mathematik 13, 354–356 (1969)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Armknecht, F., Ars, G. (2005). Introducing a New Variant of Fast Algebraic Attacks and Minimizing Their Successive Data Complexity. In: Dawson, E., Vaudenay, S. (eds) Progress in Cryptology – Mycrypt 2005. Mycrypt 2005. Lecture Notes in Computer Science, vol 3715. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11554868_3
Download citation
DOI: https://doi.org/10.1007/11554868_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28938-8
Online ISBN: 978-3-540-32066-1
eBook Packages: Computer ScienceComputer Science (R0)