A Novel GPU-Based Implementation of the Cube Attack

Preliminary Results Against Trivium
  • Marco CianfrigliaEmail author
  • Stefano GuarinoEmail author
  • Massimo Bernaschi
  • Flavio Lombardi
  • Marco Pedicini
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10355)


With black-box access to the cipher being its unique requirement, Dinur and Shamir’s cube attack is a flexible cryptanalysis technique which can be applied to virtually any cipher. However, gaining a precise understanding of the characteristics that make a cipher vulnerable to the attack is still an open problem, and no implementation of the cube attack so far succeeded in breaking a real-world strong cipher. In this paper, we present a complete implementation of the cube attack on a GPU/CPU cluster able to improve state-of-the-art results against the Trivium cipher. In particular, our attack allows full key recovery up to 781 initialization rounds without brute-force, and yields the first ever maxterm after 800 initialization rounds. The proposed attack leverages a careful tuning of the available resources, based on an accurate analysis of the offline phase, that has been tailored to the characteristics of GPU computing. We discuss all design choices, detailing their respective advantages and drawbacks. Other than providing remarkable results, this paper shows how the cube attack can significantly benefit from accelerators like GPUs, paving the way for future work in the area.


Cube attack Trivium GPU 

Supplementary material


  1. 1.
    Agnesse, A., Pedicini, M.: Cube attack in finite fields of higher order. In: Proceedings of 9th Australasian Information Security Conference, AISC 2011, pp. 9–14. ACS, Inc. (2011)Google Scholar
  2. 2.
    Agostini, E.: Bitlocker dictionary attack using GPUs. In: University of Cambridge Passwords 2015 Conference (2015).
  3. 3.
    Ahmadian, Z., Rasoolzadeh, S., Salmasizadeh, M., Aref, M.R.: Automated dynamic cube attack on block ciphers: cryptanalysis of SIMON and KATAN. IACR Cryptology ePrint Archive 2015, 40 (2015)Google Scholar
  4. 4.
    Aumasson, J.-P., Dinur, I., Meier, W., Shamir, A.: Cube testers and key recovery attacks on reduced-round MD6 and trivium. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 1–22. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-03317-9_1 CrossRefGoogle Scholar
  5. 5.
    Baksi, A., Maitra, S., Sarkar, S.: New distinguishers for reduced round trivium and trivia-SC using cube testers. In: WCC2015-9th International Workshop on Coding and Cryptography 2015 (2015)Google Scholar
  6. 6.
    Bernstein, D.J.: Why haven’t cube attacks broken anything? Accessed 11 Nov 2016
  7. 7.
    Blum, M., Luby, M., Rubinfeld, R.: Self-testing/correcting with applications to numerical problems. In: ACM Symposium on Theory of Computing, pp. 73–83. ACM (1990)Google Scholar
  8. 8.
    De Cannière, C.: Trivium: a stream cipher construction inspired by block cipher design principles. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 171–186. Springer, Heidelberg (2006). doi: 10.1007/11836810_13 CrossRefGoogle Scholar
  9. 9.
    De Canniere, C., Preneel, B.: Trivium-specifications. eSTREAM, ECRYPT stream cipher project, report 2005/030 (2005)Google Scholar
  10. 10.
    Dinur, I., Shamir, A.: Cube attacks on tweakable black box polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278–299. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-01001-9_16 CrossRefGoogle Scholar
  11. 11.
    Dinur, I., Shamir, A.: Breaking grain-128 with dynamic cube attacks. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 167–187. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-21702-9_10 CrossRefGoogle Scholar
  12. 12.
    Dinur, I., Shamir, A.: Applying cube attacks to stream ciphers in realistic scenarios. Cryptogr. Commun. 4(3–4), 217–232 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Fan, X., Gong, G.: On the security of Hummingbird-2 against side channel cube attacks. In: Armknecht, F., Lucks, S. (eds.) WEWoRC 2011. LNCS, vol. 7242, pp. 18–29. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-34159-5_2 CrossRefGoogle Scholar
  14. 14.
    Fouque, P.-A., Vannet, T.: Improving key recovery to 784 and 799 rounds of trivium using optimized cube attacks. In: Moriai, S. (ed.) FSE 2013. LNCS, vol. 8424, pp. 502–517. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-43933-3_26 Google Scholar
  15. 15.
    Kleinjung, T., Lenstra, A.K., Page, D., Smart, N.P.: Using the cloud to determine key strengths. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 17–39. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-34931-7_3 CrossRefGoogle Scholar
  16. 16.
    Marks, M., Jantura, J., Niewiadomska-Szynkiewicz, E., Strzelczyk, P., Góźdź, K.: Heterogeneous GPU&CPU cluster for high performance computing in cryptography. Comput. Sci. 13(2), 63–79 (2012)CrossRefGoogle Scholar
  17. 17.
    Milo, F., Bernaschi, M., Bisson, M.: A fast, GPU based, dictionary attack to OpenPGP secret keyrings. J. Syst. Softw. 84(12), 2088–2096 (2011)CrossRefGoogle Scholar
  18. 18.
    O’Neil, S.: Algebraic structure defectoscopy (2007). Tools for Cryptanalysis 2007 Workshop.
  19. 19.
    Quedenfeld, F.M., Wolf, C.: Algebraic properties of the cube attack. IACR Cryptology ePrint Archive 2013, 800 (2013)Google Scholar
  20. 20.
    Samorodnitsky, A.: Low-degree tests at large distances. In: Proceedings of 39th ACM symposium on Theory of Computing, pp. 506–515. ACM (2007)Google Scholar
  21. 21.
    Samorodnitsky, A., Trevisan, L.: A PCP characterization of NP with optimal amortized query complexity. In: Proceedings ACM Symposium on ToC, pp. 191–199. ACM (2000)Google Scholar
  22. 22.
    Shanmugam, D., Annadurai, S.: Secure implementation of stream cipher: trivium. In: Bica, I., Naccache, D., Simion, E. (eds.) SECITC 2015. LNCS, vol. 9522, pp. 253–266. Springer, Cham (2015). doi: 10.1007/978-3-319-27179-8_18 CrossRefGoogle Scholar
  23. 23.
    Srinivasan, C., Pillai, U.U., Lakshmy, K., Sethumadhavan, M.: Cube attack on stream ciphers using a modified linearity test. J. Discret. Math. Sci. Cryptogr. 18(3), 301–311 (2015)MathSciNetCrossRefGoogle Scholar
  24. 24.
    Vielhaber, M.: Breaking ONE.FIVIUM by AIDA an algebraic IV differential attack (2007).
  25. 25.
    Winter, R., Salagean, A., Phan, R.C.-W.: Comparison of cube attacks over different vector spaces. In: Groth, J. (ed.) IMACC 2015. LNCS, vol. 9496, pp. 225–238. Springer, Cham (2015). doi: 10.1007/978-3-319-27239-9_14 CrossRefGoogle Scholar
  26. 26.
    Zhang, S., Chen, G., Li, J.: Cube attack on reduced-round Quavium. ICMII-15 Adv. Comput. Sci. Res. (2015). doi: 10.2991/icmii-15.2015.25

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Roma Tre UniversityRomeItaly
  2. 2.Istituto per le Applicazioni del Calcolo (IAC - CNR)RomeItaly
  3. 3.Sapienza University of RomeRomeItaly

Personalised recommendations