| Symmetric ciphers,for instance SM4 and AES,are widely used in our common life.Focusing on symmetric ciphers,we investigate cube attacks and conditional cube attacks as well as their applications,based on techniques such as Mixed Integer Linear Programming(MILP)and division property.In light of the degree evaluation using di-vision property for symmetric ciphers,we propose a new method to evaluate the upper bound of degrees of the outputs in the scenario that the initial state is unknown,which could largely extend the application of division property.Furthermore,we present a new strategy to reduce the dimension of cubes and enable us to choose conditional cube variables in a larger extend.This strategy improves the method of searching cubes and can help to obtain more valid cube variables.In order to verify the effectiveness of our theory,we experiment on Subterranean-SAE,which is a second round candidate of the National Institute of Standards and Technology(NIST)lightweight cryptography stan-dardization project.With the help of three-subset division property without unknown subset theory,we apply the new technique proposed in this paper to Subterranean-SAE with 4 blank rounds.The results of our experiments show that the algebraic degrees of all output bits of Subterranean-SAE with 4 blank rounds are upper bounded by 63.In addition,using the new strategy proposed in this paper,we obtain 24 33-dimensional cubes which can be used to successfully achieve a conditional cube attack on 4-round reduced Subterranean-SAE.We partially verify our cube attack experimentally,and we can recover the full 128-bit key with data and time complexities of 241.8and 2124re-spectively.To the best of our knowledge,this is the first f ull-key r ecovery a ttack on4-round reduced Subterranean-SAE in a nonce-respecting scenario. |
PDF Full Text Request