Cryptanalysis of LILI-128 with Overdefined Systems of Equations

Analysis of the LILI-128 Stream Cipher Using Overdefined Systems of Equations

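  • 문덕재 (Center for Information Security Technologies (CIST), Korea University) ;
  • 홍석희 (Center for Information Security Technologies (CIST), Korea University) ;
  • 이상진 (Center for Information Security Technologies (CIST), Korea University) ;
  • 임종인 (Center for Information Security Technologies (CIST), Korea University) ;
  • 은희천 (Division of Natural Sciences, College of Natural Sciences, Korea University)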
  • Published : 2003.02.01

Abstract

In this paper we demonstrate a cryptanalysis of the stream cipher LILI-128. Our approach is to solve an overdefined system of multivariate equations. The LILI-128 keystream generator$^{[8]}$ is an LFSR-based synchronous stream cipher with a 128-bit key. The cipher consists of two parts, the “CLOCK CONTROL” part and the “DATA GENERATION” part. We focus on the “DATA GENERATION” part. This part uses the function $f_d$, which satisfies third-order correlation immunity, high nonlinearity and balancedness. However, this function does not have a high nonlinear order (i.e. a high degree in its algebraic normal form). We exploit this property of $f_d$. We reduce the problem of recovering the secret key of LILI-128 to the problem of solving a largely overdefined system of multivariate equations of degree K=6. In our best version of the XL-based cryptanalysis we have the parameter D=7. Our fastest cryptanalysis of LILI-128 requires $2^{110.7}$ CPU clocks. This complexity can be achieved using only $2^{26.3}$ keystream bits.

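This paper analyzes the LILI-128 stream cipher using overdefined multivariate equations. The LILI-128 cipher$^{[8]}$ is a stream cipher based on linear feedback shift registers with a 128-bit key, and its structure divides broadly into a “CLOCK CONTROL” part and a “DATA GENERATION” part. The analysis exploits the property that the function $f_d$ used in the “DATA GENERATION” part does not have a high algebraic degree. Briefly, many multivariate equations of degree (K) 6 can be obtained, and these are extended to multivariate equations of degree 7 (D), giving more equations than there are variables; solving this system with the XL algorithm finds the key information faster than exhaustive search. The best of our results recovers the 128-bit key information from $2^{26.3}$ bits of output keystream in $2^{110.7}$ CPU time.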

References

  1. A. Shamir; A. Kipnis, "Cryptanalysis of the HFE Public Key Cryptosystem", Advances in Cryptology - CRYPTO'99, LNCS 1666
  2. A. Shamir; J. Patarin; N. Courtois; A. Klimov, "Efficient Algorithms for solving Overdefined Systems of Multivariate Polynomial Equations", Advances in Cryptology - EUROCRYPT 2000, LNCS 1807
  3. D. Coppersmith; S. Winograd, "Matrix multiplication via arithmetic progressions", Symbolic Computation v.9
  4. V. Strassen, "Gaussian Elimination is Not Optimal", Numerische Mathematik v.13
  5. W. Meier; N. Courtois; L. Goubin; J. D. Tacier, "Solving Underdefined Systems of Multivariate Quadratic Equations", Public Key Cryptography - PKC2002, LNCS 2274
  6. N. Courtois; J. Pieprzyk, "Cryptanalysis of Block Ciphers with Overdefined Systems of Equations", Advances in Cryptology - ASIACRYPT 2002
  7. N. Courtois, "Higher Order Correlation Attacks, XL algorithm and Cryptanalysis of Toyocrypt", Information Security and Cryptology - ICISC 2002
  8. E. Dawson; J. Golic; W. Millan; L. Simpson, "The LILI-128 Keystream Generator", Selected Areas in Cryptography - SAC 2000, LNCS 2012
  9. S. Babbage, "Cryptanalysis of LILI-128", NESSIE Public Report
  10. E. Dawson; J. Golic; W. Millan; L. Simpson, "Response to initial Report on LILI-128", Second NESSIE Workshop
  11. J. White, "Initial Report on the LILI-128 Stream Cipher", NESSIE Public Report
  12. F. Jonsson; T. Johansson, "A Fast Correlation Attack on LILI-128", Information Processing Letters v.81 no.3
  13. M-J. O. Saarinen, "A Time-Memory Tradeoff Attack Against LILI-128", Fast Software Encryption 2002, LNCS 2365
  14. W. Meier; O. Staffelbach, "Nonlinearity Criteria for Cryptographic Functions", Advances in Cryptology - EUROCRYPT'89, LNCS 434
  15. P. Camion; C. Carlet; P. Charpin; N. Sendrier, "On Correlation-immune Functions", Advances in Cryptology - CRYPTO'91, LNCS 576
  16. J. Golic, "Fast low order approximation of Cryptographic Functions", Advances in Cryptology - EUROCRYPT'96, LNCS 1070