Abstract
Trivium is a stream cipher proposed for the eSTREAM project. Raddum introduced some reduced versions of Trivium, named Bivium A and Bivium B. In this article we present a numerical attack on the Biviums. The main idea is to transform the problem of solving a sparse system of quadratic equations over GF(2) into a combinatorial optimization problem. We convert the Boolean equation system into an equation system over ℝ and formulate the problem of finding a 0-1-valued solution for the system as a mixed-integer programming problem. This enables us to make use of several algorithms in the field of combinatorial optimization in order to find a solution for the problem and recover the initial state of Bivium. In particular this gives us an attack on Bivium B in estimated time complexity of 263.7 seconds. But this kind of attack is also applicable to other cryptographic algorithms.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
ILOG CPLEX, http://www.ilog.com/products/cplex/
Beigel, R.: The polynomial method in circuit complexity. In: Structure in Complexity Theory Conference, pp. 82–95 (1993)
McDonald, C., Charnes, C.: An algebraic analysis of Trivium ciphers based on the boolean satisfiability problem. Cryptology ePrint Archive, Report 2007/129 (2007), http://eprint.iacr.org/2007/129.pdf
De Cannière, C., Preneel, B.: Trivium - a stream cipher construction inspired by block cipher design principles. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 171–186. Springer, Heidelberg (2006)
De Cannière, C., Preneel, B.: Trivium specifications. ECRYPT eSTREAM Project (2006), http://www.ecrypt.eu.org/stream/p3ciphers/trivium/trivium_p3.pdf
Lamberger, M., Nad, T., Rijmen, V.: Numerical solvers in cryptanalysis (extended abstract). In: Second Workshop on Mathematical Cryptology (2008)
Papadimitriou, C.H., Steiglitz, K.: Combinatorial Optimization. Prentice-Hall, Inc., Englewood Cliffs (1982)
Raddum, H.: Cryptanalytic results on Trivium. eSTREAM report 2006/039 (2006), http://www.ecrypt.eu.org/stream/triviump3.html
Eibach, T., Pilz, E., Völkel, G.: Attacking Bivium using SAT solvers. In: Kleine Büning, H., Zhao, X. (eds.) SAT 2008. LNCS, vol. 4996, pp. 63–76. Springer, Heidelberg (2008)
Wolsey, L.A., Nemhauser, G.L.: Integer and Combinatorial Optimization. Wiley Interscience, Hoboken (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Borghoff, J., Knudsen, L.R., Stolpe, M. (2009). Bivium as a Mixed-Integer Linear Programming Problem. In: Parker, M.G. (eds) Cryptography and Coding. IMACC 2009. Lecture Notes in Computer Science, vol 5921. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10868-6_9
Download citation
DOI: https://doi.org/10.1007/978-3-642-10868-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10867-9
Online ISBN: 978-3-642-10868-6
eBook Packages: Computer ScienceComputer Science (R0)