Bivium as a Mixed Integer Programming Problem

Julia Borghoff; Lars Ramkilde Knudsen; Mathias Stolpe

Bivium as a Mixed Integer Programming Problem

Julia Borghoff, Lars Ramkilde Knudsen, Mathias Stolpe

Department of Wind Energy

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

Trivium is a stream cipher proposed for the eSTREAM project. Raddum introduced some reduced versions of Trivium, named Bivium A and Bivium B. In this article we present a numerical attack on the Biviums. The main idea is to transform the problem of solving a sparse system of quadratic equations over $GF(2)$ into a combinatorial optimization problem. We convert the Boolean equation system into an equation system over $\mathbb{R}$ and formulate the problem of finding a $0$-$1$-valued solution for the system as a mixed-integer programming problem. This enables us to make use of several algorithms in the field of combinatorial optimization in order to find a solution for the problem and recover the initial state of Bivium. In particular this gives us an attack on Bivium B in estimated time complexity of $2^{63.7}$ seconds. But this kind of attack is also applicable to other cryptographic algorithms.

Original language	English
Title of host publication	Cryptography and Coding : 12th IMA International Conference, Cryptography and Coding 2009 Cirencester, UK, DEcenber 2009
Editors	Matthew G. Parker
Publisher	Springer
Publication date	2009
Pages	133-152
ISBN (Print)	978-3-642-10867-9
Publication status	Published - 2009
Event	12th IMA International Conference on Cryptography and Coding - Duration: 1 Jan 2009 → …

Conference

Conference	12th IMA International Conference on Cryptography and Coding
Period	01/01/2009 → …

Series	Lecture Notes of Computer Science
Number	5921
ISSN	0302-9743

Fingerprint Dive into the research topics of 'Bivium as a Mixed Integer Programming Problem'. Together they form a unique fingerprint.

Cite this

@inproceedings{868e036d5a684a2492c8dc07d7096321,

title = "Bivium as a Mixed Integer Programming Problem",

abstract = "Trivium is a stream cipher proposed for the eSTREAM project. Raddum introduced some reduced versions of Trivium, named Bivium A and Bivium B. In this article we present a numerical attack on the Biviums. The main idea is to transform the problem of solving a sparse system of quadratic equations over $GF(2)$ into a combinatorial optimization problem. We convert the Boolean equation system into an equation system over $\mathbb{R}$ and formulate the problem of finding a $0$-$1$-valued solution for the system as a mixed-integer programming problem. This enables us to make use of several algorithms in the field of combinatorial optimization in order to find a solution for the problem and recover the initial state of Bivium. In particular this gives us an attack on Bivium B in estimated time complexity of $2^{63.7}$ seconds. But this kind of attack is also applicable to other cryptographic algorithms.",

author = "Julia Borghoff and Knudsen, {Lars Ramkilde} and Mathias Stolpe",

year = "2009",

language = "English",

isbn = "978-3-642-10867-9",

series = "Lecture Notes of Computer Science",

publisher = "Springer",

number = "5921",

pages = "133--152",

editor = "Parker, {Matthew G.}",

booktitle = "Cryptography and Coding",

note = "12th IMA International Conference on Cryptography and Coding ; Conference date: 01-01-2009",

}

Borghoff, J, Knudsen, LR & Stolpe, M 2009, Bivium as a Mixed Integer Programming Problem. in MG Parker (ed.), Cryptography and Coding: 12th IMA International Conference, Cryptography and Coding 2009 Cirencester, UK, DEcenber 2009. Springer, Lecture Notes of Computer Science, no. 5921, pp. 133-152, 12th IMA International Conference on Cryptography and Coding, 01/01/2009.

Bivium as a Mixed Integer Programming Problem. / Borghoff, Julia; Knudsen, Lars Ramkilde ; Stolpe, Mathias.

Cryptography and Coding: 12th IMA International Conference, Cryptography and Coding 2009 Cirencester, UK, DEcenber 2009. ed. / Matthew G. Parker. Springer, 2009. p. 133-152 (Lecture Notes of Computer Science; No. 5921).

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - Bivium as a Mixed Integer Programming Problem

AU - Borghoff, Julia

AU - Knudsen, Lars Ramkilde

AU - Stolpe, Mathias

PY - 2009

Y1 - 2009

N2 - Trivium is a stream cipher proposed for the eSTREAM project. Raddum introduced some reduced versions of Trivium, named Bivium A and Bivium B. In this article we present a numerical attack on the Biviums. The main idea is to transform the problem of solving a sparse system of quadratic equations over $GF(2)$ into a combinatorial optimization problem. We convert the Boolean equation system into an equation system over $\mathbb{R}$ and formulate the problem of finding a $0$-$1$-valued solution for the system as a mixed-integer programming problem. This enables us to make use of several algorithms in the field of combinatorial optimization in order to find a solution for the problem and recover the initial state of Bivium. In particular this gives us an attack on Bivium B in estimated time complexity of $2^{63.7}$ seconds. But this kind of attack is also applicable to other cryptographic algorithms.

AB - Trivium is a stream cipher proposed for the eSTREAM project. Raddum introduced some reduced versions of Trivium, named Bivium A and Bivium B. In this article we present a numerical attack on the Biviums. The main idea is to transform the problem of solving a sparse system of quadratic equations over $GF(2)$ into a combinatorial optimization problem. We convert the Boolean equation system into an equation system over $\mathbb{R}$ and formulate the problem of finding a $0$-$1$-valued solution for the system as a mixed-integer programming problem. This enables us to make use of several algorithms in the field of combinatorial optimization in order to find a solution for the problem and recover the initial state of Bivium. In particular this gives us an attack on Bivium B in estimated time complexity of $2^{63.7}$ seconds. But this kind of attack is also applicable to other cryptographic algorithms.

M3 - Article in proceedings

SN - 978-3-642-10867-9

T3 - Lecture Notes of Computer Science

SP - 133

EP - 152

BT - Cryptography and Coding

A2 - Parker, Matthew G.

PB - Springer

T2 - 12th IMA International Conference on Cryptography and Coding

Y2 - 1 January 2009

ER -