Analysis of Trivium Using Compressed Right Hand Side Equations

Schilling, Thorsten; Raddum, Håvard

doi:10.1007/978-3-642-31912-9_2

Cited by 8 publications

(12 citation statements)

References 9 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This way, we just generate the variables and monomials that are needed. Note that this is contrary to earlier algebraic modellings of Trivium such as [32,31]. To evaluate our representation of Trivium, we made several experiments with the fast Gröbner basis PolyBoRi [9].…”

Section: Example 1 Consider the Polynomialsmentioning

confidence: 99%

“…Previous algebraic attacks ( [34,38,32,31]) use output bits generated by one unknown IV and one key. They are all based on the model described in [31] and fail even for round-reduced variants of Trivium because they attack the internal state of the cipher rather than the key.…”

Section: Related Workmentioning

confidence: 99%

“…Previous algebraic attacks such as [34,38,32] are based on the algebraic representation of Trivium given in Section 2.1. Therefore, we would expect similar results.…”

Section: Similar Variablesmentioning

confidence: 99%

See 2 more Smart Citations

Advanced Algebraic Attack on Trivium

Quedenfeld

Wolf

2016

Mathematical Aspects of Computer and Information Sciences

View full text Add to dashboard Cite

Abstract. This paper presents an algebraic attack against Trivium that breaks 625 rounds using only 4096 bits of output in an overall time complexity of 2 42.2 Trivium computations. While other attacks can do better in terms of rounds (799), this is a practical attack with a very low data usage (down from 2 40 output bits) and low computation time (down from 2 62 ). From another angle, our attack can be seen as a proof of concept: how far can algebraic attacks can be pushed when several known techniques are combined into one implementation? All attacks have been fully implemented and tested; our figures are therefore not the result of any potentially error-prone extrapolation, but results of practical experiments.

show abstract

Section: Example 1 Consider the Polynomialsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Advanced Algebraic Attack on Trivium

Quedenfeld

Wolf

2016

Mathematical Aspects of Computer and Information Sciences

View full text Add to dashboard Cite

show abstract

“…Later implementations and refinement led to a broader interest in BDDs and they were successfully applied in the cryptanalysis of LFSRs [6] and the cipher Grain [7]. For our purposes, we think of a BDD in the following way, more thoroughly described in [1].…”

Section: Binary Decision Diagramsmentioning

confidence: 99%

“…Solving equation systems representing cryptographic primitives is known as algebraic cryptanalysis, and is an active research field. This paper explores one approach for efficiently solving big equation systems, and is based on the work in [1], where the concept of Compressed Right Hand Side (CRHS) equations was introduced. A CRHS equation is a Binary Decision Diagram (BDD) together with a matrix with linear combinations of the variables in the system as rows.…”

Section: Introductionmentioning

confidence: 99%

Solving Compressed Right Hand Side Equation Systems with Linear Absorption

Schilling

Raddum

2012

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. In this paper we describe an approach for solving complex multivariate equation systems related to algebraic cryptanalysis. The work uses the newly introduced Compressed Right Hand Sides (CRHS) representation, where equations are represented using Binary Decision Diagrams (BDD). The paper introduces a new technique for manipulating a BDD, similar to swapping variables in the well-known siftingmethod. Using this technique we develop a new solving method for CRHS equation systems. The new algorithm is successfully tested on systems representing reduced variants of Trivium.

show abstract