Modeling for Three-Subset Division Property Without Unknown Subset - Improved Cube Attacks

Explore a comprehensive presentation on advanced cryptographic techniques focusing on improved cube attacks using modeling for three-subset division property without unknown subset. Delve into the evolution of cube attacks, from their origins as variants of higher-order differential attacks to the latest third-generation methods. Examine the paper's key findings, including degeneration results for stream ciphers and the challenges of implementing three-subset division property in MILP. Learn about the new modeling approach and its application in a successful 839-round key recovery attack against Trivium. Gain insights into the cutting-edge research presented at Eurocrypt 2020, advancing the field of cryptanalysis and cipher security.

Intro
Overview Cube attack[DS09] : Variant of higher-order differential attacks.
Results from our new algorithm Degeneration results
Stream ciphers
History of cube attacks 1st generation [DS09]
What assumptions are required in the 2nd gen?NTT [TIHM17] used the bit-based division property.
Idea of 3rd gen. cube attack • The preliminary idea was introduced in WHGZS19 .
Path search based on division trail Goal is to check if f(x) has the monomial x or not.
Three-subset division property • We need to use two different propagations.
MILP-unfriendly property Three-subset division property is unfriendly with MILP.
Three-subset division property w/o unknown NTT
The new modeling
Cube attack against Trivium 839-round key recovery attack WHTLIM 18 .
Summary of applications