Efficient Dissection of Bicomposite Problems with Cryptanalytic Applications

Itai Dinur, Orr Dunkelman, Nathan Keller, Adi Shamir

Research output: Contribution to journal › Article › peer-review

3 Scopus citations

Abstract

In this paper, we show that a large class of diverse problems have a bicomposite structure which makes it possible to solve them with a new type of algorithm called dissection, which has much better time/memory tradeoffs than previously known algorithms. A typical example is the problem of finding the key of multiple encryption schemes with r independent n-bit keys. All the previous error-free attacks required time T and memory M satisfying $TM = 2^{rn}$, and even if “false negatives” are allowed, no attack could achieve $TM < 2^{3rn/4}$. Our new technique yields the first algorithm which never errs and finds all the possible keys with a smaller product of TM, such as $T = 2^{4n}$ time and $M = 2^{n}$ memory for breaking the sequential execution of r = 7 block ciphers. The improvement ratio we obtain increases in an unbounded way as r increases, and if we allow algorithms which can sometimes miss solutions, we can get even better tradeoffs by combining our dissection technique with parallel collision search. To demonstrate the generality of the new dissection technique, we show how to use it in a generic way in order to improve rebound attacks on hash functions and to solve with better time complexities (for small memory complexities) hard combinatorial search problems, such as the well-known knapsack problem.

Original language: English
Pages (from-to): 1448-1490
Number of pages: 43
Journal: Journal of Cryptology
Volume: 32
Issue number: 4
DOIs
State: Published - 1 Oct 2019

Bibliographical note

Publisher Copyright:
© 2018, International Association for Cryptologic Research.

Funding

The authors would like to thank the anonymous reviewers of this paper for their useful comments and suggestions. The first author was supported in part by the Israeli Science Foundation through Grant No. 573/16. The second author was supported in part by the Israeli Science Foundation through Grant No. 827/12 and by the Commission of the European Communities through the Horizon 2020 program under Project Number 645622 PQCRYPTO. The third author was supported by the European Research Council under the ERC starting Grant Agreement Number 757731 (LightCrypt) and by the BIU Center for Research in Applied Cryptography and Cyber Security in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office.

Funders (funder number):
Horizon 2020 Framework Programme: 757731, 645622 PQCRYPTO
European Commission
Israel Science Foundation: 827/12, 573/16

Keywords

• Bicomposite problems
• Cryptanalysis
• Dissection algorithm
• Knapsack problems
• Multiple encryption
• Time-memory tradeoff
