Constructive Non-Linear Polynomial Cryptanalysis of a Historical Block Cipher
share
One of the major open problems in symmetric cryptanalysis is to discover new specif i c types of invariant properties which can hold for a larger number of rounds of a block cipher. We have Generalised Linear Cryptanalysis (GLC) and Partitioning Cryptanalysis (PC). Due to double-exponential combinatorial explosion of the number of possible invariant properties systematic exploration is not possible and extremely few positive working examples of GLC are known. Our answer is to work with polynomial algebraic invariants which makes partitions more intelligible. We have developed a constructive algebraic approach which is about making sure that a certain combination of polynomial equations is zero. We work with an old block cipher from 1980s which has particularly large hardware complexity compared to modern ciphers e.g. AES. However all this complexity is not that useful if we are able to construct powerful non-linear invariants which work for any number of rounds. A key feature of our invariant attacks is that we are able to completely eliminate numerous state and key bits. We also construct invariants for the (presumably stronger) KT1 keys. Some of these lead to powerful ciphertext-only correlation attacks.
READ FULL TEXT