In this paper, we propose a reduction technique that can be used to determine the density of IV terms of a complex multivariable boolean polynomial. Using this technique, we revisit the dynamic cube attack on Grain-128. Based on choosing one more nullified state bit and one more dynamic bit, we are able to obtain the IV terms of degree 43 with various of complicated reduction techniques for pol...

Almost any cryptographic scheme can be described by tweakable polynomials over GF (2), which contain both secret variables (e.g., key bits) and public variables (e.g., plaintext bits or IV bits). The cryptanalyst is allowed to tweak the polynomials by choosing arbitrary values for the public variables, and his goal is to solve the resultant system of polynomial equations in terms of their commo...

In this paper we describe the first single-key attack which can recover the full key of the full version of Grain-128 for arbitrary keys by an algorithm which is significantly faster than exhaustive search (by a factor of about 2). It is based on a new version of a cube tester, which uses an improved choice of dynamic variables to eliminate the previously made assumption that ten particular key...

In this paper we describe the rst single-key attack which can recover the full key of the full version of Grain-128 for arbitrary keys by an algorithm which is signi cantly faster than exhaustive search (by a factor of about 2). It is based on a new version of a cube tester, which uses an improved choice of dynamic variables to eliminate the previously made assumption that ten particular key bi...

In this paper, we investigate the security of the NOEKEON block cipher against side channel cube attacks. NOEKEON was proposed by Daemen et al. for the NESSIE project. The block size and the key size are both 128 bits. The cube attack, introduced by Dinur and Shamir at EUROCRYPT 2009, is a new type of algebraic cryptanalysis. The attack may be applied if the adversary has access to a single bit...

This paper studies the Keccak-based authenticated encryption (AE) scheme Ketje Sr against cube-like attacks. Ketje is one of the remaining 16 candidates of third round CAESAR competition, whose primary recommendation is Ketje Sr. Although the cube-like method has been successfully applied to Ketje’s sister ciphers, including Keccak-MAC and Keyak – another Keccak-based AE scheme, similar attacks...

Since Keccak was selected as SHA-3 hash function by NIST, it has attracted considerable attention from cryptographic researchers. Keccak sponge function [1] has also been used to design message authentication codes (MAC) and authenticated encryption (AE) scheme Keyak. Till now, the most efficient key recovery attacks on Keccak-MAC and Keyak are cube attacks and cube-attack-like cryptanalysis pr...

In this paper, we comprehensively study the resistance of keyed variants of SHA-3 (Keccak) against algebraic attacks. This analysis covers a wide range of key recovery, MAC forgery and other types of attacks, breaking up to 9 rounds (out of the full 24) of the Keccak internal permutation much faster than exhaustive search. Moreover, some of our attacks on the 6-round Keccak are completely pract...