Extended cubes: enhancing the cube attack by extracting low-degree non-linear equations
In this paper, we propose an efficient method for extracting simple low-degree equations (e.g. quadratic ones) in addition to the linear ones, obtainable from the original cube attack by Dinur and Shamir at EUROCRYPT 2009. This extended cube attack can be successfully applied even to cryptosyste...
Format: | Conference or Workshop Item |
---|---|
Language: | English |
Published: | ACM, 2011 |
Online Access: | http://eprints.utem.edu.my/id/eprint/84/1/ASIACCS_2011.pdf http://eprints.utem.edu.my/id/eprint/84/ http://doi.acm.org/10.1145/1966913.1966952 |
Institution: | Universiti Teknikal Malaysia Melaka |
Summary: | In this paper, we propose an efficient method for extracting simple low-degree equations (e.g. quadratic ones) in addition to the linear ones, obtainable from the original cube attack by Dinur and Shamir at EUROCRYPT 2009. This extended cube attack can be successfully applied even to cryptosystems in which the original cube attack may fail due to the attacker's inability to find sufficiently many independent linear equations. As an application of our extended method, we exhibit a side channel cube attack against the PRESENT block cipher using the Hamming weight leakage model. Our side channel attack improves upon the previous work of Yang, Wang and Qiao at CANS 2009 in two aspects. First, we use the Hamming weight leakage model, which is a more relaxed leakage assumption, supported by many previously known practical results on side channel attacks, compared to the more challenging leakage assumption used by Yang et al. that the adversary has access to the "exact" value of the internal state bits. Thanks to applying the extended cube method, our attack also has a reduced complexity compared to that of Yang et al. Namely, for PRESENT-80 (the 80-bit key variant) as considered by Yang et al., our attack has a time complexity of 2^16 and a data complexity of about 2^13 chosen plaintexts, whereas that of Yang et al. has a time complexity of 2^32 and needs about 2^15 chosen plaintexts. Furthermore, our method directly applies to PRESENT-128 (the 128-bit key variant) with a time complexity of 2^64 and the same data complexity of 2^13 chosen plaintexts. |