Shamir’s “cube attack

《Shamir’s “cube attack》由会员上传分享，免费在线阅读，更多相关内容在学术论文-天天文库。

1、Shamir’s“cubeattack”:ARemakeofAIDA,TheAlgebraicIVDifferentialAttackMichaelVielhaberHochschuleBremerhaven,FB2,AnderKarlstadt8,D–27568Bremerhaven,GermanyandInstitutodeMatem´aticas,UniversidadAustraldeChile,Casilla567,Valdivia,Chilevielhaber@gmail.com,23.02.2009Abstract.We

2、showthattheso-called“cubeattack”byDinurandShamirisnoth-ingbutarestatementoftheAlgebraicIVDifferentialAttackbythepresentauthor,publishedoneyearearlierinapaperknowntoDinurandShamir—astoutplagiarism.1IntroductionOnOctober28,2007theAlgebraicIVDifferentialAttack,orAIDAforshor

3、t,wasmadepublicontheIACReprintserveraseprint.iacr.org/2007/413,see[1].OnSeptember13,2008(afteratalkatCRYPTO’08inAugust2008—aplagiarismasIACRInvitedLecture!)DinurandShamirpostedthepaper“CubeAttacksonTweak-ableBlackBoxPolynomials”[2]onthesamemediumaseprint.iacr.org/2008/

4、385.Weshowherethatthetwoattacksareidentical,thatDinurandShamirmusthaveknownaboutthisidentity,andthat[2]onlygivessomeimplementationdetailsandcertaingeneralizations,somemoreuseful,somecertainlynot,butotherwisebuildsonAIDAexactlyasdescribedin[1],evenagainusingTriviumasthe

5、mainexample.2WhatisAIDA?Whensimulatingacryptographic(Boolean)function,weeffectivelyevaluateoneposi-tionofitstruthtable(orDNF,DisjunctiveNormalForm).Somecryptographicfunctions(forexampletheoutputofTriviumpriortoitsfullsetuplength,notvisibleinnormaloperation),haveasparsep

6、artinitsANF,AlgebraicNormalForm.Ifthispartturnsouttobelinearinthekeybits,itwillallowtocutinhalfthenecessarysearchspace,foreachsuchsparseequationfound.AIDAistheapplicationoftheInclusion-Exclusion-PrincipletoevaluatethissparseANFtermvia2

7、I

8、DNFevaluations,where

9、I

10、isthenum

11、berofbitsoftheinitialisationvector(IVbitsIVk,1≤k≤#IV),setinthesparseterm(constantkeyK):_^^M^f(IV1,..,IV#IV,K)=dI(K)IViIVi(DNF)=aI(K)IVi(ANF)I⊂{1,2,...,#IV}i∈Ii6∈II⊂{1,2,...,#IV}i∈IwithdI(K),aI(K)∈F2andaI(K)=⊕J⊂IdJ(K)bytheInclusion-Exclusion-Principle.13Arebothattackson

12、eandthesame?Theyareindeed,aswewillseestepbystep.SinceDinurandShamirreinventedeverypieceofnotation,althoughdescribingt