Autoguess: A Tool for Finding Guess-and-Determine Attacks and Key Bridges

Hossein Hadipour; Maria Eichlseder

doi:10.1007/978-3-031-09234-3_12

Autoguess: A Tool for Finding Guess-and-Determine Attacks and Key Bridges

Hossein Hadipour^*, Maria Eichlseder

^*Corresponding author for this work

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

The guess-and-determine technique is one of the most widely used techniques in cryptanalysis to recover unknown variables in a given system of relations. In such attacks, a subset of the unknown variables is guessed such that the remaining unknowns can be deduced using the information from the guessed variables and the given relations. This idea can be applied in various areas of cryptanalysis such as finding the internal state of stream ciphers when a sufficient amount of output data is available, or recovering the internal state and the secret key of a block cipher from very few known plaintexts. Another important application is the key-bridging technique in key-recovery attacks on block ciphers, where the attacker aims to find the minimum number of required sub-key guesses to deduce all involved sub-keys via the key schedule. Since the complexity of the guess-and-determine technique directly depends on the number of guessed variables, it is essential to find the smallest possible guess basis, i.e., the subset of guessed variables from which the remaining variables can be deduced. In this paper, we present Autoguess, an easy-to-use general tool to search for a minimal guess basis. We propose several new modeling techniques to harness SAT/SMT, MILP, and Gröbner basis solvers. We demonstrate their usefulness in guess-and-determine attacks on stream ciphers and block ciphers, as well as finding key-bridges in key recovery attacks on block ciphers. Moreover, integrating our CP models for the key-bridging technique into the previous CP-based frameworks to search for distinguishers, we propose a unified and general CP model to search for key recovery friendly distinguishers which supports both linear and nonlinear key schedules.

Original language	English
Title of host publication	Applied Cryptography and Network Security - 20th International Conference, ACNS 2022, Proceedings
Editors	Giuseppe Ateniese, Daniele Venturi
Place of Publication	Cham
Publisher	Springer
Pages	230-250
Number of pages	21
ISBN (Print)	9783031092336
DOIs	https://doi.org/10.1007/978-3-031-09234-3_12
Publication status	Published - 2022
Event	20th International Conference on Applied Cryptography and Network Security: ACNS 2022 - Italy, Roma, Italy Duration: 20 Jun 2022 → 23 Jun 2022 Conference number: 20 https://sites.google.com/di.uniroma1.it/acns2022/home

Publication series

Name	Lecture Notes in Computer Science
Volume	13269

Conference

Conference	20th International Conference on Applied Cryptography and Network Security
Abbreviated title	ACNS 2022
Country/Territory	Italy
City	Roma
Period	20/06/22 → 23/06/22
Internet address	https://sites.google.com/di.uniroma1.it/acns2022/home

Keywords

Guess and Determine
secret-key cryptography
Groebner basis
MILP
Lightweight block cipher
SAT
CP
SMT
Key-Bridging
AES Block Cipher
SKINNY Block Cipher
ZUC Stream Cipher
Stream Ciphers
Gröbner basis
Guess & determine

ASJC Scopus subject areas

Computational Theory and Mathematics
Theoretical Computer Science
Computer Science(all)

Fields of Expertise

Information, Communication & Computing

Access to Document

10.1007/978-3-031-09234-3_12

Cite this

Autoguess: A Tool for Finding Guess-and-Determine Attacks and Key Bridges. / Hadipour, Hossein ; Eichlseder, Maria.
Applied Cryptography and Network Security - 20th International Conference, ACNS 2022, Proceedings. ed. / Giuseppe Ateniese; Daniele Venturi. Cham: Springer, 2022. p. 230-250 (Lecture Notes in Computer Science; Vol. 13269 ).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Hadipour, H & Eichlseder, M 2022, Autoguess: A Tool for Finding Guess-and-Determine Attacks and Key Bridges. in G Ateniese & D Venturi (eds), Applied Cryptography and Network Security - 20th International Conference, ACNS 2022, Proceedings. Lecture Notes in Computer Science, vol. 13269 , Springer, Cham, pp. 230-250, 20th International Conference on Applied Cryptography and Network Security, Roma, Italy, 20/06/22. https://doi.org/10.1007/978-3-031-09234-3_12

@inproceedings{f712b92669ba4d0b8be918b171c44800,

title = "Autoguess: A Tool for Finding Guess-and-Determine Attacks and Key Bridges",

abstract = "The guess-and-determine technique is one of the most widely used techniques in cryptanalysis to recover unknown variables in a given system of relations. In such attacks, a subset of the unknown variables is guessed such that the remaining unknowns can be deduced using the information from the guessed variables and the given relations. This idea can be applied in various areas of cryptanalysis such as finding the internal state of stream ciphers when a sufficient amount of output data is available, or recovering the internal state and the secret key of a block cipher from very few known plaintexts. Another important application is the key-bridging technique in key-recovery attacks on block ciphers, where the attacker aims to find the minimum number of required sub-key guesses to deduce all involved sub-keys via the key schedule. Since the complexity of the guess-and-determine technique directly depends on the number of guessed variables, it is essential to find the smallest possible guess basis, i.e., the subset of guessed variables from which the remaining variables can be deduced. In this paper, we present Autoguess, an easy-to-use general tool to search for a minimal guess basis. We propose several new modeling techniques to harness SAT/SMT, MILP, and Gr{\"o}bner basis solvers. We demonstrate their usefulness in guess-and-determine attacks on stream ciphers and block ciphers, as well as finding key-bridges in key recovery attacks on block ciphers. Moreover, integrating our CP models for the key-bridging technique into the previous CP-based frameworks to search for distinguishers, we propose a unified and general CP model to search for key recovery friendly distinguishers which supports both linear and nonlinear key schedules.",

keywords = "Guess and Determine, secret-key cryptography, Groebner basis, MILP, Lightweight block cipher, SAT, CP, SMT, Key-Bridging, AES Block Cipher, SKINNY Block Cipher, ZUC Stream Cipher, Stream Ciphers, Gr{\"o}bner basis, Guess & determine",

author = "Hossein Hadipour and Maria Eichlseder",

year = "2022",

doi = "10.1007/978-3-031-09234-3_12",

language = "English",

isbn = "9783031092336",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "230--250",

editor = "Giuseppe Ateniese and Daniele Venturi",

booktitle = "Applied Cryptography and Network Security - 20th International Conference, ACNS 2022, Proceedings",

note = "20th International Conference on Applied Cryptography and Network Security : ACNS 2022, ACNS 2022 ; Conference date: 20-06-2022 Through 23-06-2022",

url = "https://sites.google.com/di.uniroma1.it/acns2022/home",

}

TY - GEN

T1 - Autoguess: A Tool for Finding Guess-and-Determine Attacks and Key Bridges

AU - Hadipour, Hossein

AU - Eichlseder, Maria

N1 - Conference code: 20

PY - 2022

Y1 - 2022

N2 - The guess-and-determine technique is one of the most widely used techniques in cryptanalysis to recover unknown variables in a given system of relations. In such attacks, a subset of the unknown variables is guessed such that the remaining unknowns can be deduced using the information from the guessed variables and the given relations. This idea can be applied in various areas of cryptanalysis such as finding the internal state of stream ciphers when a sufficient amount of output data is available, or recovering the internal state and the secret key of a block cipher from very few known plaintexts. Another important application is the key-bridging technique in key-recovery attacks on block ciphers, where the attacker aims to find the minimum number of required sub-key guesses to deduce all involved sub-keys via the key schedule. Since the complexity of the guess-and-determine technique directly depends on the number of guessed variables, it is essential to find the smallest possible guess basis, i.e., the subset of guessed variables from which the remaining variables can be deduced. In this paper, we present Autoguess, an easy-to-use general tool to search for a minimal guess basis. We propose several new modeling techniques to harness SAT/SMT, MILP, and Gröbner basis solvers. We demonstrate their usefulness in guess-and-determine attacks on stream ciphers and block ciphers, as well as finding key-bridges in key recovery attacks on block ciphers. Moreover, integrating our CP models for the key-bridging technique into the previous CP-based frameworks to search for distinguishers, we propose a unified and general CP model to search for key recovery friendly distinguishers which supports both linear and nonlinear key schedules.

AB - The guess-and-determine technique is one of the most widely used techniques in cryptanalysis to recover unknown variables in a given system of relations. In such attacks, a subset of the unknown variables is guessed such that the remaining unknowns can be deduced using the information from the guessed variables and the given relations. This idea can be applied in various areas of cryptanalysis such as finding the internal state of stream ciphers when a sufficient amount of output data is available, or recovering the internal state and the secret key of a block cipher from very few known plaintexts. Another important application is the key-bridging technique in key-recovery attacks on block ciphers, where the attacker aims to find the minimum number of required sub-key guesses to deduce all involved sub-keys via the key schedule. Since the complexity of the guess-and-determine technique directly depends on the number of guessed variables, it is essential to find the smallest possible guess basis, i.e., the subset of guessed variables from which the remaining variables can be deduced. In this paper, we present Autoguess, an easy-to-use general tool to search for a minimal guess basis. We propose several new modeling techniques to harness SAT/SMT, MILP, and Gröbner basis solvers. We demonstrate their usefulness in guess-and-determine attacks on stream ciphers and block ciphers, as well as finding key-bridges in key recovery attacks on block ciphers. Moreover, integrating our CP models for the key-bridging technique into the previous CP-based frameworks to search for distinguishers, we propose a unified and general CP model to search for key recovery friendly distinguishers which supports both linear and nonlinear key schedules.

KW - Guess and Determine

KW - secret-key cryptography

KW - Groebner basis

KW - MILP

KW - Lightweight block cipher

KW - SAT

KW - CP

KW - SMT

KW - Key-Bridging

KW - AES Block Cipher

KW - SKINNY Block Cipher

KW - ZUC Stream Cipher

KW - Stream Ciphers

KW - Gröbner basis

KW - Guess & determine

UR - http://www.scopus.com/inward/record.url?scp=85134353495&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-09234-3_12

DO - 10.1007/978-3-031-09234-3_12

M3 - Conference paper

SN - 9783031092336

T3 - Lecture Notes in Computer Science

SP - 230

EP - 250

BT - Applied Cryptography and Network Security - 20th International Conference, ACNS 2022, Proceedings

A2 - Ateniese, Giuseppe

A2 - Venturi, Daniele

PB - Springer

CY - Cham

T2 - 20th International Conference on Applied Cryptography and Network Security

Y2 - 20 June 2022 through 23 June 2022

ER -

Autoguess: A Tool for Finding Guess-and-Determine Attacks and Key Bridges

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Fields of Expertise

Access to Document

Other files and links

Fingerprint

Cite this