One generic model of stream cipher considers updating the states and then combining the state bits to produce the key-stream. In case there are biases in the state bits, that may be reflected on the key-stream bits resulting certain weaknesses (distinguisher and/or key recovery) of the cipher. In this context, we study the state biases as well as key-stream biases with great details. We first experiment with cube testers and heuristically obtain several distinguishers for Trivium running more than 800 rounds (maximum 829) with cube sizes not exceeding 27. Further, we apply our techniques to analyze Trivia-SC (the stream cipher used in TriviA-ck AEAD scheme, selected in second round of CAESAR competition) and obtain distinguishers till 950 rounds with a cube size of 25 only. On Trivia-SC, our results refute certain claims made by the designers against both cube and slide attacks. Our detailed empirical analysis provides new results in reduced-round cryptanalysis of Trivium and Trivia-SC. © 2016, Springer Science+Business Media New York.

Santanu Sarkar

Department of Mathematics

Cryptography

CRYPTANALYSIS

CUBE TESTER

SLIDE ATTACKS

Stream ciphers

TRIVIUM

geometry

IIT Madras is a public technical and research university located in Chennai, Tamil Nadu. Founded in 1959, it is recognised as an Institute of National Importance.

IIT Madras has been ranked as the top engineering institute in India for four years in a row by the National Institutional Ranking Framework of the MHRD

It currently offers undergraduate, postgraduate and research degrees across 16 disciplines in Engineering, Sciences, Humanities and Management. About 596 faculty belonging to science and engineering departments and centres of the Institute are engaged in teaching, research and industrial consultancy.

IIT Madras

Designs, Codes, and Cryptography

In this paper, we revisit the work of Sarkar et al. (Des Codes Cryptogr 82(1–2):351–375, 2017) and Liu (Advances in cryptology—Crypto 2017, 2017) and show how both of their ideas can be tuned to find good cubes. Here we propose a new algorithm for cube generation which improves existing results on Zero- Sum distinguisher. We apply our new cube finding algorithm to three different nonlinear feedback shift register (NFSR) based stream ciphers Trivium, Kreyvium and ACORN. From the results, we can see a cube of size 39, which gives Zero- Sum for maximum 842 rounds and a significant non-randomness up to 850 rounds of Trivium. We provide some small size good cubes for Trivium, which outperform existing ones. We further investigate Kreyvium and ACORN by a similar technique and obtain cubes of size 56 and 92 which give Zero- Sum distinguisher till 875 and 738 initialization rounds of Kreyvium and ACORN respectively. To the best of our knowledge, these results are best results as compared to the existing results on distinguishing attacks of these ciphers. We also provide a table of good cubes of sizes varying from 10 to 40 for these three ciphers. © 2019, Springer Science+Business Media, LLC, part of Springer Nature.

New cube distinguishers on NFSR-based stream ciphers

Journal of Cryptographic Engineering

TriviA and uTriviA: two fast and secure authenticated encryption schemes

Computer Science Review

General classification of the authenticated encryption schemes for the CAESAR competition

2015 IEEE International Symposium on Information Theory (ISIT)

Searching cubes for testing Boolean functions and its application to Trivium

The Definitive Guide to Arm® Cortex®-M0 and Cortex-M0+ Processors

Getting Started with gcc (GNU Compiler Collection)

Lecture Notes in Computer Science Cryptographic Hardware and Embedded Systems -- CHES 2015

TriviA: A Fast and Secure Authenticated Encryption Scheme

Observing biases in the state: case studies with Trivium and Trivia-SC

Journal	Data powered by TypesetDesigns, Codes, and Cryptography
Publisher	Data powered by TypesetSpringer New York LLC
ISSN	09251022
Open Access	No