Attacking Bivium Using SAT Solvers

Eibach, Tobias; Pilz, Enrico; Völkel, Gunnar

doi:10.1007/978-3-540-79719-7_7

Cited by 54 publications

(54 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…SAT solvers have also been applied to the cryptanalysis of stream ciphers. Eibach et al [17] presented an experimental results over a slightly modified version of Trivium (Bivium) using a SAT solver, exhaustive search, a BDD based attack, a graph theoretic approach, and Grobner basis. Their results concluded that the initial state of the cipher is recovered and the using of SAT solver is faster than the other attacks.…”

Section: Sat Solvers and Its Applications To Cryptanalysismentioning

confidence: 99%

Applications of SAT Solvers to AES Key Recovery from Decayed Key Schedule Images

Kamal

Youssef

2010

2010 Fourth International Conference on Emerging Security Information, Systems and Technologies

View full text Add to dashboard Cite

Abstract-Cold boot attack is a side channel attack which exploits the data remanence property of random access memory (RAM) to retrieve its contents which remain readable shortly after its power has been removed. Given the nature of the cold boot attack, only a corrupted image of the memory contents will be available to the attacker. In this paper, we investigate the use of an off-the-shelf SAT solver, CryptoMinSat, to improve the key recovery of the AES-128 key schedules from its corresponding decayed memory images. By exploiting the asymmetric decay of the memory images and the redundancy of key material inherent in the AES key schedule, rectifying the faults in the corrupted memory images of the AES-128 key schedule is formulated as a Boolean satisfiability problem which can be solved efficiently for relatively very large decay factors. Our experimental results show that this approach improves upon the previously known results.

show abstract

Section: Sat Solvers and Its Applications To Cryptanalysismentioning

confidence: 99%

Applications of SAT Solvers to AES Key Recovery from Decayed Key Schedule Images

Kamal

Youssef

2010

2010 Fourth International Conference on Emerging Security Information, Systems and Technologies

View full text Add to dashboard Cite

show abstract

“…By using the floating representation from (1.1)-(1.3) and (2), Algorithm 1 describes the procedure of generating a system of 4n polynomial equations (n linear and 3n quadratic). Solving this system requires to find the inner state of Trivium at time t ≥ t 0 and then by clocking Trivium backwards, we get the secret key k. The best known algebraic attack on a scaled version of Trivium (called Bivium) was developed by Eibach et al in [8] using SAT solvers and up to date there is no known algebraic attack better than the brute force on Trivium.…”

Section: Algebraic Representationmentioning

confidence: 99%

Mutant Differential Fault Analysis of Trivium MDFA

Mohamed

Buchmann

2015

Information Security and Cryptology - ICISC 2014

View full text Add to dashboard Cite

Abstract. In this paper we present improvements to the differential fault analysis (DFA) of the stream cipher Trivium proposed in the work of M. Hojsík and B. Rudolf. In particular, we optimize the algebraic representation of obtained DFA information applying the concept of Mutants, which represent low degree equations derived after processing of DFA information. As a result, we are able to minimize the number of fault injections necessary for retrieving the secret key. Therefore, we introduce a new algebraic framework that combines the power of different algebraic techniques for handling additional information received from a physical attack. Using this framework, we are able to recover the secret key by only an one-bit fault injection. In fact, this is the first attack on stream ciphers utilizing minimal amount of DFA information. We study the efficiency of our improved attack by comparing the size of gathered DFA information with previous attacks.

show abstract

“…SAT solvers and Gröbner basis have also been applied to the cryptanalysis of stream ciphers. Eibach et al [18] presented experimental results on attacking a reduced version of Trivium (Bivium) using exhaustive search, a SAT solver, a binary decision diagram (BDD) based attack, a graph theoretic approach, and Gröbner basis. Their result implies that the usage of the SAT solver is faster than the other attacks.…”

Section: Modern Algebraic Tools and Their Applications To Cryptographymentioning

confidence: 99%

A Comparison between Two Off-the-Shelf Algebraic Tools for Extraction of Cryptographic Keys from Corrupted Memory Images

Kamal

Zahno²,

Youssef³

2013

Security Engineering and Intelligence Informatics

View full text Add to dashboard Cite

Abstract.Cold boot attack is a class of side channel attacks which exploits the data remanence property of random access memory (RAM) to retrieve its contents which remain readable shortly after its power has been removed. Specialized algorithms have been previously proposed to recover cryptographic keys of several ciphers from decayed memory images. However, these techniques were cipher-dependent and certainly uneasy to develop and fine tune. On the other hand, for symmetric ciphers, the relations that have to be satisfied between the subround key bits in the key schedule always correspond to a set of nonlinear Boolean equations. In this paper, we investigate the use of an off-the-shelf SAT solver (CryptoMiniSat), and an open source Gröbner basis tool (PolyBoRi) to solve the resulting system of equations. We also provide the pros and cons of both approaches and present some simulation results for the extraction of AES and Serpent keys from decayed memory images using these tools.

show abstract

Attacking Bivium Using SAT Solvers

Cited by 54 publications

References 10 publications

Applications of SAT Solvers to AES Key Recovery from Decayed Key Schedule Images

Applications of SAT Solvers to AES Key Recovery from Decayed Key Schedule Images

Mutant Differential Fault Analysis of Trivium MDFA

A Comparison between Two Off-the-Shelf Algebraic Tools for Extraction of Cryptographic Keys from Corrupted Memory Images

Contact Info

Product

Resources

About