
Journal of Cryptographic Engineering, Volume 9, Issue 4, pp 375–392

Kite attack: reshaping the cube attack for a flexible GPU-based maxterm search

  • Marco Cianfriglia
  • Stefano Guarino
  • Massimo Bernaschi
  • Flavio Lombardi
  • Marco Pedicini
Regular Paper

Abstract

Dinur and Shamir’s cube attack has attracted significant attention in the literature. Nevertheless, the lack of implementations achieving effective results casts doubt on its practical relevance. On the theoretical side, promising results have recently been achieved by leveraging division trails. The present paper follows a more practical approach and aims at giving new impetus to this line of research by means of a cipher-independent, flexible framework that is able to carry out the cube attack on GPU/CPU clusters. We address all issues posed by a GPU implementation, providing evidence in support of parallel variants of the attack and identifying viable directions for solving open problems in the future. We report the results of running our GPU-based cube attack against round-reduced versions of three well-known ciphers: Trivium, Grain-128 and SNOW 3G. Our attack against Trivium improves the state of the art, permitting full key recovery for Trivium reduced to (up to) 781 initialization rounds (out of 1152) and finding the first-ever maxterm after 800 rounds. In this paper, we also present the first standard cube attack (i.e., neither dynamic nor tester) to yield maxterms for Grain-128 up to 160 initialization rounds on non-programmable hardware. We include a thorough evaluation of the impact of system parameters and GPU architecture on the performance. Moreover, we demonstrate the scalability of our solution on multi-GPU systems. We believe that our extensive set of results can be useful for the cryptographic engineering community at large and can pave the way to further results in the area.
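The maxterm search the abstract refers to rests on two steps: summing the cipher's output bit over a cube of IV bits to obtain the superpoly, and applying a BLR linearity test to decide whether that superpoly is linear in the key (in which case the cube is a maxterm and its coefficients can be read off). The following example is added here for illustration and is not the paper's framework; it runs the search on a constructed 4-key-bit, 4-IV-bit polynomial (`toy_cipher_bit`) rather than a real cipher, and checks every key pair exhaustively because the toy key space is tiny.

```python
"""Toy cube attack: cube sums, BLR linearity test and maxterm search (constructed example)."""
import itertools

N_KEY, N_IV = 4, 4  # assumed toy sizes; a real cipher has hundreds of key/IV bits

def toy_cipher_bit(key, iv):
    """Constructed black-box output bit over GF(2) in key bits k0..k3 and IV bits v0..v3.
    Not a real cipher: chosen so that some cubes have linear superpolys and others do not."""
    k0, k1, k2, k3 = key
    v0, v1, v2, v3 = iv
    return ((v0 & v1 & k0) ^ (v0 & v1 & k2) ^ (v0 & v1 & v2) ^ (v0 & v1)
            ^ (v2 & k1 & k3) ^ (v3 & k0 & k1) ^ (v0 & k3))

def cube_sum(cube, key):
    """XOR the output bit over all 2^|cube| assignments of the cube IV bits, other IV bits 0.
    By the cube attack's core identity this evaluates the superpoly of `cube` at `key`."""
    acc = 0
    for bits in itertools.product((0, 1), repeat=len(cube)):
        iv = [0] * N_IV
        for idx, b in zip(cube, bits):
            iv[idx] = b
        acc ^= toy_cipher_bit(key, iv)
    return acc

def is_maxterm(cube):
    """BLR linearity test: p(x) ^ p(y) ^ p(x ^ y) == p(0) for key pairs (x, y).
    The real attack samples random pairs; here every pair of the 16 toy keys is checked."""
    keys = [list(k) for k in itertools.product((0, 1), repeat=N_KEY)]
    p0 = cube_sum(cube, [0] * N_KEY)
    for x in keys:
        for y in keys:
            xy = [a ^ b for a, b in zip(x, y)]
            if cube_sum(cube, x) ^ cube_sum(cube, y) ^ cube_sum(cube, xy) != p0:
                return False
    return True

def recover_superpoly(cube):
    """For a maxterm, read off the linear superpoly: constant = p(0), coeff of k_i = p(e_i) ^ p(0).
    Returns (constant, [c0, ..., c3]); each maxterm yields one linear equation in the key."""
    p0 = cube_sum(cube, [0] * N_KEY)
    coeffs = []
    for i in range(N_KEY):
        e = [0] * N_KEY
        e[i] = 1
        coeffs.append(cube_sum(cube, e) ^ p0)
    return p0, coeffs

def find_maxterms(max_dim=2):
    """Exhaustive search over cubes up to max_dim; keep those with a linear, non-constant superpoly."""
    found = []
    for d in range(1, max_dim + 1):
        for cube in itertools.combinations(range(N_IV), d):
            if is_maxterm(cube):
                const, coeffs = recover_superpoly(cube)
                if any(coeffs):
                    found.append((cube, const, coeffs))
    return found
```

On this toy polynomial the cube {v0, v1} is a maxterm with superpoly k0 + k2 + 1, while {v2} yields the nonlinear superpoly k1·k3 and is rejected by the linearity test.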

Keywords

Cube attack · Algebraic attacks · Graphics processing unit


Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. Istituto per le Applicazioni del Calcolo “Mauro Picone”, Consiglio Nazionale delle Ricerche, Rome, Italy
  2. Department of Mathematics and Physics, Roma Tre University, Rome, Italy
