A New Cube Attack on MORUS by Using Division Property

MORUS is an authenticated encryption algorithm and one of the candidates in the CAESAR competition. Currently, the security of MORUS received extensive attention. In this paper, a new existence terms detection method in superpoly recovery phase in cube attack is proposed. More precisely, the upper b...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:IEEE transactions on computers Ročník 68; číslo 12; s. 1731 - 1740
Hlavní autoři: Ye, Tao, Wei, Yongzhuang, Meier, Willi
Médium: Journal Article
Jazyk:angličtina
Vydáno: New York IEEE 01.12.2019
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Témata:
Algorithms
Authenticated encryption algorithm
Authentication
Boolean functions
cube attack
Division
division property
Encryption
Integer programming
Linear programming
Mixed integer
mixed integer linear programming
MORUS
Recovery
Security
Software algorithms
Solvers
Time complexity
ISSN:0018-9340, 1557-9956
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:MORUS is an authenticated encryption algorithm and one of the candidates in the CAESAR competition. Currently, the security of MORUS received extensive attention. In this paper, a new existence terms detection method in superpoly recovery phase in cube attack is proposed. More precisely, the upper bounding degree of superpoly is first estimated by using the cube attack based on the division property with Mixed Integer Linear Programming tool. Moreover, the t-degree monomials that may be involved in the superpoly are divided into two groups, where the elements of the first group can be directly determined without using the solver via the embedded property. Compared with previous methods, the time consumption by the solvers of our new method is reduced significantly. In particular, the truth table from only the existent terms can be used to recover the superpoly in the offline phase of the cube attack. Therefore, the time complexity of cube attack can be further reduced. As illustrative example, the security of the reduced-step variants of MORUS-640-128 against cube attack is evaluated by using this new method. It is demonstrated that the key recovery attacks can be applied to 6/7-step MORUS-640-128. Furthermore, some integral distinguishers of 7-step MORUS-640-128/MORUS-1280-256 are achieved.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0018-9340
1557-9956
DOI:10.1109/TC.2019.2929137