Skip to main content
SpringerLink
Log in

Kite attack: reshaping the cube attack for a flexible GPU-based maxterm search

  • Regular Paper
  • Published:
Journal of Cryptographic Engineering Aims and scope Submit manuscript

Abstract

Dinur and Shamir’s cube attack has attracted significant attention in the literature. Nevertheless, the lack of implementations achieving effective results casts doubts on its practical relevance. On the theoretical side, promising results have been recently achieved leveraging on division trails. The present paper follows a more practical approach and aims at giving new impetus to this line of research by means of a cipher-independent flexible framework that is able to carry out the cube attack on GPU/CPU clusters. We address all issues posed by a GPU implementation, providing evidence in support of parallel variants of the attack and identifying viable directions for solving open problems in the future. We report the results of running our GPU-based cube attack against round-reduced versions of three well-known ciphers: Trivium, Grain-128 and SNOW 3G. Our attack against Trivium improves the state of the art, permitting full key recovery for Trivium reduced to (up to) 781 initialization rounds (out of 1152) and finding the first-ever maxterm after 800 rounds. In this paper, we also present the first standard cube attack (i.e., neither dynamic nor tester) to yield maxterms for Grain-128 up to 160 initialization rounds on non-programmable hardware. We include a thorough evaluation of the impact of system parameters and GPU architecture on the performance. Moreover, we demonstrate the scalability of our solution on multi-GPU systems. We believe that our extensive set of results can be useful for the cryptographic engineering community at large and can pave the way to further results in the area.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

Notes

  1. The standard assumption is \(\mathbf {v}_{\overline{I}} =\mathbf {0}\), but this is not actually required.

  2. Here \(\mathbf {e} _i\) denotes the unit vector with all null coordinates except \(e_i=1\).

  3. The work that here is assigned to a single thread can be actually split among any number of threads, reassembling the results at the end. We will not consider this possibility here for the sake of clarity.

  4. 8 physical cores per CPU—16 logical per CPU with hyperthreading.

References

  1. Appendix to “Kite attack: reshaping the cube attack for a flexible GPU-based maxterm search”. http://www.cranic.it/cryptanalysis.html. Accessed 5 Feb 2019

  2. Agnesse, A., Pedicini, M.: Cube attack in finite fields of higher order. In: Proceedings of 9th Australasian Information Security Conference, AISC’11, pp. 9–14. ACS, Inc. (2011)

  3. Agostini, E., Bernaschi, M.: Bitcracker: Bitlocker meets GPUs. CoRR (2019). arXiv:1901.01337

  4. Ahmadian, Z., Rasoolzadeh, S., Salmasizadeh, M., Aref, M.R.: Automated dynamic cube attack on block ciphers: cryptanalysis of SIMON and KATAN. IACR Cryptol. ePrint Arch. 2015, 40 (2015)

    Google Scholar 

  5. Ahmadzadeh, A., Hajihassani, O., Gorgin, S.: A high-performance and energy-efficient exhaustive key search approach via GPU on DES-like cryptosystems. J. Supercomput. (2017). https://doi.org/10.1007/s11227-017-2120-9

    Article  Google Scholar 

  6. Aumasson, J.P., Dinur, I., Henzen, L., Meier, W., Shamir, A.: Efficient FPGA implementation of high-dimensional cube testers on the stream cipher Grain-128. In: IACR Cryptology ePrint Archive (2009)

  7. Aumasson, J.P., Dinur, I., Meier, W., Shamir, A.: Cube testers and key recovery attacks on reduced-round MD6 and Trivium. In: FSE, pp. 1–22. Springer (2009)

  8. Baksi, A., Maitra, S., Sarkar, S.: New distinguishers for reduced round Trivium and Trivia-SC using cube testers. In: WCC2015—9th International Workshop on Coding and Cryptography (2015)

  9. Bernstein, D.J.: Why haven’t cube attacks broken anything? https://cr.yp.to/cubeattacks.html. Accessed 4 April 2018

  10. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: CAESAR submission: Ketje v2. https://keccak.team/files/Ketjev2-doc2.0.pdf. Accessed 5 May 2019

  11. Biryukov, A., Priemuth-Schmid, D., Zhang, B.: Multiset collision attacks on reduced-round SNOW 3G and SNOW 3G+. In: International Conference on Applied Cryptography and Network Security, ACNS 2010, pp. 139–153. Springer, Berlin (2010)

  12. Blum, M., Luby, M., Rubinfeld, R.: Self-testing/correcting with applications to numerical problems. In: ACM Symposium on Theory of Computing, pp. 73–83. ACM (1990)

  13. Chakraborti, A., Chattopadhyay, A., Hassan, M., Nandi, M.: TriviA and uTriviA: two fast and secure authenticated encryption schemes. J. Cryptogr. Eng. (2016). https://doi.org/10.1007/s13389-016-0137-2

    Article  MATH  Google Scholar 

  14. Cianfriglia, M., Guarino, S.: Cryptanalysis on GPUs with the cube attack: design, optimization and performances gains. In: International Conference on High Performance Computing Simulation (HPCS), pp. 753–760 (2017). https://doi.org/10.1109/HPCS.2017.114

  15. Cianfriglia, M., Guarino, S., Bernaschi, M., Lombardi, F., Pedicini, M.: A novel GPU-based implementation of the cube attack. In: Applied Cryptography and Network Security: 15th International Conference, ACNS 2017, Kanazawa, Japan, 10–12 July 2017, Proceedings, pp. 184–207. Springer (2017)

  16. Dinur, I., Güneysu, T., Paar, C., Shamir, A., Zimmermann, R.: An experimentally verified attack on full Grain-128 using dedicated reconfigurable hardware. In: International Conference on The Theory and Application of Cryptology and Information Security, ASIACRYPT’11, pp. 327–343. Springer, Berlin (2011). https://doi.org/10.1007/978-3-642-25385-0_18

  17. Dinur, I., Shamir, A.: Cube attacks on tweakable black box polynomials. In: Advances in Cryptology-EUROCRYPT 2009, pp. 278–299. Springer (2009)

  18. Dinur, I., Shamir, A.: Breaking Grain-128 with dynamic cube attacks. In: FSE 2011, pp. 167–187. Springer, Berlin (2011)

  19. Dinur, I., Shamir, A.: Applying cube attacks to stream ciphers in realistic scenarios. Cryptogr. Commun. 4(3–4), 217–232 (2012)

    Article  MathSciNet  Google Scholar 

  20. Dong, X., Li, Z., Wang, X., Qin, L.: Cube-like attack on round-reduced initialization of Ketje Sr. IACR Trans. Symmetric Cryptol. 2017(1), 259–280 (2017). https://doi.org/10.13154/tosc.v2017.i1.259-280

    Article  Google Scholar 

  21. Fan, X., Gong, G.: On the security of Hummingbird-2 against side channel cube attacks. In: Proceedings of the 4th WEWoRC Workshop, pp. 18–29. Springer, Berlin (2012)

  22. Fouque, P.A., Vannet, T.: Improving key recovery to 784 and 799 rounds of Trivium using optimized cube attacks. FSE 2013, Revised Selected Papers, pp. 502–517 (2014)

  23. Hellman, M.: A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theor. 26(4), 401–406 (2006). https://doi.org/10.1109/TIT.1980.1056220

    Article  MathSciNet  MATH  Google Scholar 

  24. Huo, X., Krishnamoorthy, S., Agrawal, G.: Efficient scheduling of recursive control flow on GPUs. In: Proceedings of the 27th International ACM Conference on Supercomputing, ICS’13, pp. 409–420. ACM, New York, NY, USA (2013). https://doi.org/10.1145/2464996.2479870

  25. Milo, F., Bernaschi, M., Bisson, M.: A fast, GPU based, dictionary attack to OpenPGP secret keyrings. J. Syst. Softw. 84(12), 2088–2096 (2011)

    Article  Google Scholar 

  26. O’Neil, S.: Algebraic structure defectoscopy. In: Tools for Cryptanalysis 2007 Workshop (2007). http://eprint.iacr.org/2007/378

  27. Orhanou, G., Youssef, B.: SNOW 3G stream cipher operation and complexity study. Contemp. Eng. Sci. 3, 97–111 (2010)

    Google Scholar 

  28. Quedenfeld, F.M., Wolf, C.: Algebraic properties of the cube attack. IACR Cryptol. ePrint Arch. 2013, 800 (2013)

    Google Scholar 

  29. Samorodnitsky, A., Trevisan, L.: A PCP characterization of NP with optimal amortized query complexity. In: Proceedings of the ACM Symposium on ToC, pp. 191–199. ACM (2000)

  30. Srinivasan, C., Pillai, U.U., Lakshmy, K., Sethumadhavan, M.: Cube attack on stream ciphers using a modified linearity test. J. Discrete Math. Sci. Cryptogr. 18(3), 301–311 (2015)

    Article  MathSciNet  Google Scholar 

  31. Using shared memory in CUDA C/C++. https://devblogs.nvidia.com/using-shared-memory-cuda-cc/. Accessed 4 Nov 2019

  32. Vielhaber, M.: Breaking ONE.FIVIUM by AIDA an algebraic IV differential attack. In: IACR Eprint archive (2007). http://eprint.iacr.org/2007/413. Accessed 5 May 2019

  33. Winter, R., Salagean, A., Phan, R.C.W.: Comparison of cube attacks over different vector spaces. In: IMACC 2015, pp. 225–238. Springer, New York (2015)

  34. Zhang, H., Wang, X.: Cryptanalysis of stream cipher Grain Family. In: IACR Cryptology ePrint Archive, vol. 2009, p. 109 (2009)

  35. Zhang, S., Chen, G., Li, J.: Cube attack on reduced-round Quavium. ICMII-15 Advances in Computer Science Research (2015). https://doi.org/10.2991/icmii-15.2015.25

Download references

Author information

Authors and Affiliations

  1. Istituto per le Applicazioni del Calcolo “Mauro Picone”, Consiglio Nazionale delle Ricerche, Rome, Italy

    Marco Cianfriglia, Stefano Guarino, Massimo Bernaschi & Flavio Lombardi

  2. Department of Mathematics and Physics, Roma Tre University, Rome, Italy

    Marco Pedicini

Authors
  1. Marco Cianfriglia
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stefano Guarino
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Massimo Bernaschi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Flavio Lombardi
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Marco Pedicini
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Marco Cianfriglia.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Tables of maxterms and superpolys

Tables of maxterms and superpolys

See Tables 2, 3, 4, and 5.

Table 2 Superpolys after 781 initialization rounds of Trivium
Full size table
Table 3 Maxterms and superpolys after 799 initialization rounds of Trivium
Full size table
Table 4 Maxterms and superpolys after 800 initialization rounds of Trivium
Full size table
Table 5 Maxterms and superpolys after 160 initialization rounds of Grain-128
Full size table

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Cianfriglia, M., Guarino, S., Bernaschi, M. et al. Kite attack: reshaping the cube attack for a flexible GPU-based maxterm search. J Cryptogr Eng 9, 375–392 (2019). https://doi.org/10.1007/s13389-019-00217-3

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13389-019-00217-3

Keywords

Search

Navigation