Abstract
Dinur and Shamir’s cube attack has attracted significant attention in the literature. Nevertheless, the lack of implementations achieving effective results casts doubts on its practical relevance. On the theoretical side, promising results have been recently achieved leveraging on division trails. The present paper follows a more practical approach and aims at giving new impetus to this line of research by means of a cipher-independent flexible framework that is able to carry out the cube attack on GPU/CPU clusters. We address all issues posed by a GPU implementation, providing evidence in support of parallel variants of the attack and identifying viable directions for solving open problems in the future. We report the results of running our GPU-based cube attack against round-reduced versions of three well-known ciphers: Trivium, Grain-128 and SNOW 3G. Our attack against Trivium improves the state of the art, permitting full key recovery for Trivium reduced to (up to) 781 initialization rounds (out of 1152) and finding the first-ever maxterm after 800 rounds. In this paper, we also present the first standard cube attack (i.e., neither dynamic nor tester) to yield maxterms for Grain-128 up to 160 initialization rounds on non-programmable hardware. We include a thorough evaluation of the impact of system parameters and GPU architecture on the performance. Moreover, we demonstrate the scalability of our solution on multi-GPU systems. We believe that our extensive set of results can be useful for the cryptographic engineering community at large and can pave the way to further results in the area.
Similar content being viewed by others
Notes
The standard assumption is \(\mathbf {v}_{\overline{I}} =\mathbf {0}\), but this is not actually required.
Here \(\mathbf {e} _i\) denotes the unit vector with all null coordinates except \(e_i=1\).
The work that here is assigned to a single thread can be actually split among any number of threads, reassembling the results at the end. We will not consider this possibility here for the sake of clarity.
8 physical cores per CPU—16 logical per CPU with hyperthreading.
References
Appendix to “Kite attack: reshaping the cube attack for a flexible GPU-based maxterm search”. http://www.cranic.it/cryptanalysis.html. Accessed 5 Feb 2019
Agnesse, A., Pedicini, M.: Cube attack in finite fields of higher order. In: Proceedings of 9th Australasian Information Security Conference, AISC’11, pp. 9–14. ACS, Inc. (2011)
Agostini, E., Bernaschi, M.: Bitcracker: Bitlocker meets GPUs. CoRR (2019). arXiv:1901.01337
Ahmadian, Z., Rasoolzadeh, S., Salmasizadeh, M., Aref, M.R.: Automated dynamic cube attack on block ciphers: cryptanalysis of SIMON and KATAN. IACR Cryptol. ePrint Arch. 2015, 40 (2015)
Ahmadzadeh, A., Hajihassani, O., Gorgin, S.: A high-performance and energy-efficient exhaustive key search approach via GPU on DES-like cryptosystems. J. Supercomput. (2017). https://doi.org/10.1007/s11227-017-2120-9
Aumasson, J.P., Dinur, I., Henzen, L., Meier, W., Shamir, A.: Efficient FPGA implementation of high-dimensional cube testers on the stream cipher Grain-128. In: IACR Cryptology ePrint Archive (2009)
Aumasson, J.P., Dinur, I., Meier, W., Shamir, A.: Cube testers and key recovery attacks on reduced-round MD6 and Trivium. In: FSE, pp. 1–22. Springer (2009)
Baksi, A., Maitra, S., Sarkar, S.: New distinguishers for reduced round Trivium and Trivia-SC using cube testers. In: WCC2015—9th International Workshop on Coding and Cryptography (2015)
Bernstein, D.J.: Why haven’t cube attacks broken anything? https://cr.yp.to/cubeattacks.html. Accessed 4 April 2018
Bertoni, G., Daemen, J., Peeters, M., Van Assche, G., Van Keer, R.: CAESAR submission: Ketje v2. https://keccak.team/files/Ketjev2-doc2.0.pdf. Accessed 5 May 2019
Biryukov, A., Priemuth-Schmid, D., Zhang, B.: Multiset collision attacks on reduced-round SNOW 3G and SNOW 3G+. In: International Conference on Applied Cryptography and Network Security, ACNS 2010, pp. 139–153. Springer, Berlin (2010)
Blum, M., Luby, M., Rubinfeld, R.: Self-testing/correcting with applications to numerical problems. In: ACM Symposium on Theory of Computing, pp. 73–83. ACM (1990)
Chakraborti, A., Chattopadhyay, A., Hassan, M., Nandi, M.: TriviA and uTriviA: two fast and secure authenticated encryption schemes. J. Cryptogr. Eng. (2016). https://doi.org/10.1007/s13389-016-0137-2
Cianfriglia, M., Guarino, S.: Cryptanalysis on GPUs with the cube attack: design, optimization and performances gains. In: International Conference on High Performance Computing Simulation (HPCS), pp. 753–760 (2017). https://doi.org/10.1109/HPCS.2017.114
Cianfriglia, M., Guarino, S., Bernaschi, M., Lombardi, F., Pedicini, M.: A novel GPU-based implementation of the cube attack. In: Applied Cryptography and Network Security: 15th International Conference, ACNS 2017, Kanazawa, Japan, 10–12 July 2017, Proceedings, pp. 184–207. Springer (2017)
Dinur, I., Güneysu, T., Paar, C., Shamir, A., Zimmermann, R.: An experimentally verified attack on full Grain-128 using dedicated reconfigurable hardware. In: International Conference on The Theory and Application of Cryptology and Information Security, ASIACRYPT’11, pp. 327–343. Springer, Berlin (2011). https://doi.org/10.1007/978-3-642-25385-0_18
Dinur, I., Shamir, A.: Cube attacks on tweakable black box polynomials. In: Advances in Cryptology-EUROCRYPT 2009, pp. 278–299. Springer (2009)
Dinur, I., Shamir, A.: Breaking Grain-128 with dynamic cube attacks. In: FSE 2011, pp. 167–187. Springer, Berlin (2011)
Dinur, I., Shamir, A.: Applying cube attacks to stream ciphers in realistic scenarios. Cryptogr. Commun. 4(3–4), 217–232 (2012)
Dong, X., Li, Z., Wang, X., Qin, L.: Cube-like attack on round-reduced initialization of Ketje Sr. IACR Trans. Symmetric Cryptol. 2017(1), 259–280 (2017). https://doi.org/10.13154/tosc.v2017.i1.259-280
Fan, X., Gong, G.: On the security of Hummingbird-2 against side channel cube attacks. In: Proceedings of the 4th WEWoRC Workshop, pp. 18–29. Springer, Berlin (2012)
Fouque, P.A., Vannet, T.: Improving key recovery to 784 and 799 rounds of Trivium using optimized cube attacks. FSE 2013, Revised Selected Papers, pp. 502–517 (2014)
Hellman, M.: A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theor. 26(4), 401–406 (2006). https://doi.org/10.1109/TIT.1980.1056220
Huo, X., Krishnamoorthy, S., Agrawal, G.: Efficient scheduling of recursive control flow on GPUs. In: Proceedings of the 27th International ACM Conference on Supercomputing, ICS’13, pp. 409–420. ACM, New York, NY, USA (2013). https://doi.org/10.1145/2464996.2479870
Milo, F., Bernaschi, M., Bisson, M.: A fast, GPU based, dictionary attack to OpenPGP secret keyrings. J. Syst. Softw. 84(12), 2088–2096 (2011)
O’Neil, S.: Algebraic structure defectoscopy. In: Tools for Cryptanalysis 2007 Workshop (2007). http://eprint.iacr.org/2007/378
Orhanou, G., Youssef, B.: SNOW 3G stream cipher operation and complexity study. Contemp. Eng. Sci. 3, 97–111 (2010)
Quedenfeld, F.M., Wolf, C.: Algebraic properties of the cube attack. IACR Cryptol. ePrint Arch. 2013, 800 (2013)
Samorodnitsky, A., Trevisan, L.: A PCP characterization of NP with optimal amortized query complexity. In: Proceedings of the ACM Symposium on ToC, pp. 191–199. ACM (2000)
Srinivasan, C., Pillai, U.U., Lakshmy, K., Sethumadhavan, M.: Cube attack on stream ciphers using a modified linearity test. J. Discrete Math. Sci. Cryptogr. 18(3), 301–311 (2015)
Using shared memory in CUDA C/C++. https://devblogs.nvidia.com/using-shared-memory-cuda-cc/. Accessed 4 Nov 2019
Vielhaber, M.: Breaking ONE.FIVIUM by AIDA an algebraic IV differential attack. In: IACR Eprint archive (2007). http://eprint.iacr.org/2007/413. Accessed 5 May 2019
Winter, R., Salagean, A., Phan, R.C.W.: Comparison of cube attacks over different vector spaces. In: IMACC 2015, pp. 225–238. Springer, New York (2015)
Zhang, H., Wang, X.: Cryptanalysis of stream cipher Grain Family. In: IACR Cryptology ePrint Archive, vol. 2009, p. 109 (2009)
Zhang, S., Chen, G., Li, J.: Cube attack on reduced-round Quavium. ICMII-15 Advances in Computer Science Research (2015). https://doi.org/10.2991/icmii-15.2015.25
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Cianfriglia, M., Guarino, S., Bernaschi, M. et al. Kite attack: reshaping the cube attack for a flexible GPU-based maxterm search. J Cryptogr Eng 9, 375–392 (2019). https://doi.org/10.1007/s13389-019-00217-3
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13389-019-00217-3