TY - GEN
T1 - Optimized interpolation attacks on LowMC
AU - Dinur, Itai
AU - Liu, Yunwen
AU - Meier, Willi
AU - Wang, Qingju
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2015.
PY - 2015/1/1
Y1 - 2015/1/1
N2 - LowMC is a collection of block cipher families introduced at Eurocrypt 2015 by Albrecht et al. Its design is optimized for instantiations of multi-party computation, fully homomorphic encryption, and zero-knowledge proofs. A unique feature of LowMC is that its internal affine layers are chosen at random, and thus each block cipher family contains a huge number of instances. The Eurocrypt paper proposed two specific block cipher families of LowMC, having 80-bit and 128-bit keys. In this paper, we mount interpolation attacks (algebraic attacks introduced by Jakobsen and Knudsen) on LowMC, and show that a practically significant fraction of 2^-38 of its 80-bit key instances could be broken 2^23 times faster than exhaustive search. Moreover, essentially all instances that are claimed to provide 128-bit security could be broken about 1000 times faster. In order to obtain these results we optimize the interpolation attack using several new techniques. In particular, we present an algorithm that combines two main variants of the interpolation attack, and results in an attack which is more efficient than each one.
AB - LowMC is a collection of block cipher families introduced at Eurocrypt 2015 by Albrecht et al. Its design is optimized for instantiations of multi-party computation, fully homomorphic encryption, and zero-knowledge proofs. A unique feature of LowMC is that its internal affine layers are chosen at random, and thus each block cipher family contains a huge number of instances. The Eurocrypt paper proposed two specific block cipher families of LowMC, having 80-bit and 128-bit keys. In this paper, we mount interpolation attacks (algebraic attacks introduced by Jakobsen and Knudsen) on LowMC, and show that a practically significant fraction of 2^-38 of its 80-bit key instances could be broken 2^23 times faster than exhaustive search. Moreover, essentially all instances that are claimed to provide 128-bit security could be broken about 1000 times faster. In order to obtain these results we optimize the interpolation attack using several new techniques. In particular, we present an algorithm that combines two main variants of the interpolation attack, and results in an attack which is more efficient than each one.
KW - Block cipher
KW - High-order differential cryptanalysis
KW - Interpolation attack
KW - LowMC
UR - http://www.scopus.com/inward/record.url?scp=84952685363&partnerID=8YFLogxK
U2 - 10.1007/978-3-662-48800-3_22
DO - 10.1007/978-3-662-48800-3_22
M3 - Conference contribution
AN - SCOPUS:84952685363
SN - 9783662487990
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 535
EP - 560
BT - Advances in Cryptology – ASIACRYPT 2015 - 21st International Conference on the Theory and Application of Cryptology and Information Security, Proceedings
A2 - Iwata, Tetsu
A2 - Cheon, Jung Hee
PB - Springer Verlag
T2 - 21st International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2015
Y2 - 29 November 2015 through 3 December 2015
ER -