Algebraic Cryptanalysis of SMS4: Gröbner Basis Attack and SAT Attack Compared

Erickson, Jeremy P.; Ding, Jíntai; Christensen, Chris

doi:10.1007/978-3-642-14423-3_6

Cited by 17 publications

(12 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They showed that when about 2 32 known plaintexts are available, KeeLoq is very week and for 30% of all keys, the full key can be recovered with complexity of 2 28 KeeLoq encryptions. Erickson et al [15] used the Grobner basis [14] attacks on SMS4 equation system over GF(2) and GF(2 8 ) and used the SAT solver over the GF(2) model. They implement their design in Grobner basis by Magma tool and in SAT solver by the MiniSAT tool.…”

Section: Sat Solvers and Its Applications To Cryptanalysismentioning

confidence: 99%

Applications of SAT Solvers to AES Key Recovery from Decayed Key Schedule Images

Kamal

Youssef

2010

2010 Fourth International Conference on Emerging Security Information, Systems and Technologies

View full text Add to dashboard Cite

Abstract-Cold boot attack is a side channel attack which exploits the data remanence property of random access memory (RAM) to retrieve its contents which remain readable shortly after its power has been removed. Given the nature of the cold boot attack, only a corrupted image of the memory contents will be available to the attacker. In this paper, we investigate the use of an off-the-shelf SAT solver, CryptoMinSat, to improve the key recovery of the AES-128 key schedules from its corresponding decayed memory images. By exploiting the asymmetric decay of the memory images and the redundancy of key material inherent in the AES key schedule, rectifying the faults in the corrupted memory images of the AES-128 key schedule is formulated as a Boolean satisfiability problem which can be solved efficiently for relatively very large decay factors. Our experimental results show that this approach improves upon the previously known results.

show abstract

Section: Sat Solvers and Its Applications To Cryptanalysismentioning

confidence: 99%

Applications of SAT Solvers to AES Key Recovery from Decayed Key Schedule Images

Kamal

Youssef

2010

2010 Fourth International Conference on Emerging Security Information, Systems and Technologies

View full text Add to dashboard Cite

show abstract

“…In [14], 6 rounds of DES are attacked with only a single known plaintext/ciphertext pair using a SAT solver. Erickson et al [15] used the SAT solver and Gröbner basis [16] attacks against SMS4 on equation system over GF (2) and GF(2 8 ). In [17], a practical Gröbner basis [16] attack using Magma was applied against the ciphers Flurry and Curry, recovering the full cipher key by requiring only a minimal number of plaintext/ciphertext pairs.…”

Section: Modern Algebraic Tools and Their Applications To Cryptographymentioning

confidence: 99%

A Comparison between Two Off-the-Shelf Algebraic Tools for Extraction of Cryptographic Keys from Corrupted Memory Images

Kamal

Zahno²,

Youssef³

2013

Security Engineering and Intelligence Informatics

View full text Add to dashboard Cite

Abstract.Cold boot attack is a class of side channel attacks which exploits the data remanence property of random access memory (RAM) to retrieve its contents which remain readable shortly after its power has been removed. Specialized algorithms have been previously proposed to recover cryptographic keys of several ciphers from decayed memory images. However, these techniques were cipher-dependent and certainly uneasy to develop and fine tune. On the other hand, for symmetric ciphers, the relations that have to be satisfied between the subround key bits in the key schedule always correspond to a set of nonlinear Boolean equations. In this paper, we investigate the use of an off-the-shelf SAT solver (CryptoMiniSat), and an open source Gröbner basis tool (PolyBoRi) to solve the resulting system of equations. We also provide the pros and cons of both approaches and present some simulation results for the extraction of AES and Serpent keys from decayed memory images using these tools.

show abstract

“…SMS4 S-box is bijective and it substitutes byte input for byte output using arithmetic computations over GF (2 8 ). A method suitable for hardware implementation of S-box is to first perform affine transformation on GF (2), then carry out inversion in GF(2 8 ), followed by second affine transformation over GF (2) [13,14]. The S-box algebraic structure is given as the following expression [13].…”

Section: The Sms4mentioning

confidence: 99%

“…The two bit factor (N × c) is given in two ways. (13) Similarly the square scaling two bit factor (N × c 2 ) is represented in following two ways depending upon choice of conjugate basis pair. The scaling operation (n x a 2 ) is a four bit factor in GF(2 8 ) inverter and its computation in GF(2 2 ) depends on the normal basis types and the relation between norm n and N as in [2].…”

Section: Scaling and Squaring In Gf(2 4 ) And Gf(2 2 )mentioning

confidence: 99%

A Compact S-Box Design for SMS4 Block Cipher

Abbasi

Afzal

2011

Lecture Notes in Electrical Engineering

View full text Add to dashboard Cite

Abstract. This paper proposes a compact design of SMS4 S-box using combinational logic which is suitable for the implementation in area constraint environments like smart cards. The inversion algorithm of the proposed S-box is based on composite field GF(((2 2 ) 2 ) 2 ) using normal basis at all levels. In our approach, we examined all possible normal basis combinations having trace equal to one at each subfield level. There are 16 such possible combinations with normal basis and we have compared the S-box designs based on each case in terms of logic gates it uses for implementation. The isomorphism mapping and inverse mapping bit matrices are fully optimized using greedy algorithm. We prove that our best case reduces the complexity upon the SMS4 S-box design with existing inversion algorithm based on polynomial basis by 15% XOR and 42% AND gates.

show abstract

Algebraic Cryptanalysis of SMS4: Gröbner Basis Attack and SAT Attack Compared

Cited by 17 publications

References 10 publications

Applications of SAT Solvers to AES Key Recovery from Decayed Key Schedule Images

Applications of SAT Solvers to AES Key Recovery from Decayed Key Schedule Images

A Comparison between Two Off-the-Shelf Algebraic Tools for Extraction of Cryptographic Keys from Corrupted Memory Images

A Compact S-Box Design for SMS4 Block Cipher

Contact Info

Product

Resources

About