Cube Attack against Full Kravatte
نویسندگان
چکیده
This note analyzes the security of Kravatte against the cube attack. We provide an analysis result which recovers the master key of the current version of full Kravatte with data and time complexities 2136.01, and negligible memory. The same could be applied to the first version of Kravatte with complexities of 238.04, which could be carried out in practice. These results are possible thanks to a clever way of constructing affine spaces bypassing the first permutation layer of Kravatte proposed by the designers and a simple yet efficient way to invert the last layer of Sbox in Kravatte.
منابع مشابه
New MILP Modeling: Improved Conditional Cube Attacks to Keccak-based Constructions
In this paper, we provide a new MILP modeling to find better/optimal choices of conditional cubes. These choices generally find new or improved attacks against the keyed constructions based on Keccak permutations, including Keccak-MAC, KMAC, Kravatte, Keyak, and Ketje, in terms of attack complexities or the number of attacked rounds. Specifically, we find new key recovery attacks against KMAC12...
متن کاملCube Attacks on Non-Blackbox Polynomials Based on Division Property (Full Version)
The cube attack is a powerful cryptanalytic technique and is especially powerful against stream ciphers. Since we need to analyze the complicated structure of a stream cipher in the cube attack, the cube attack basically analyzes it by regarding it as a blackbox. Therefore, the cube attack is an experimental attack, and we cannot evaluate the security when the size of cube exceeds an experiment...
متن کاملExtension of Cube Attack with Probabilistic Equations and its Application on Cryptanalysis of KATAN Cipher
Cube Attack is a successful case of Algebraic Attack. Cube Attack consists of two phases, linear equation extraction and solving the extracted equation system. Due to the high complexity of equation extraction phase in finding linear equations, we can extract nonlinear ones that could be approximated to linear equations with high probability. The probabilistic equations could be considered as l...
متن کاملBreaking Grain-128 with Dynamic Cube Attacks
We present a new variant of cube attacks called a dynamic cube attack. Whereas standard cube attacks [4] find the key by solving a system of linear equations in the key bits, the new attack recovers the secret key by exploiting distinguishers obtained from cube testers. Dynamic cube attacks can create lower degree representations of the given cipher, which makes it possible to attack schemes th...
متن کاملConditional Cube Attack on Round-Reduced ASCON
This paper evaluates the secure level of authenticated encryption Ascon against cube-like method. Ascon submitted by Dobraunig et al. is one of 16 survivors of the 3rd round CAESAR competition. The cube-like method is first used by Dinur et al. to analyze Keccak keyed modes. At CT-RSA 2015, Dobraunig et al. applied this method to 5/6-round reduced Ascon, whose structure is similar to Keccak key...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2017 شماره
صفحات -
تاریخ انتشار 2017