Bivium as a Mixed Integer Programming Problem

Julia Borghoff; Lars Ramkilde Knudsen; Mathias Stolpe

Bivium as a Mixed Integer Programming Problem

Julia Borghoff, Lars Ramkilde Knudsen, Mathias Stolpe

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

Trivium is a stream cipher proposed for the eSTREAM project. Raddum introduced some reduced versions of Trivium, named Bivium A and Bivium B. In this article we present a numerical attack on the Biviums. The main idea is to transform the problem of solving a sparse system of quadratic equations over $GF(2)$ into a combinatorial optimization problem. We convert the Boolean equation system into an equation system over $\mathbb{R}$ and formulate the problem of finding a $0$-$1$-valued solution for the system as a mixed-integer programming problem. This enables us to make use of several algorithms in the field of combinatorial optimization in order to find a solution for the problem and recover the initial state of Bivium. In particular this gives us an attack on Bivium B in estimated time complexity of $2^{63.7}$ seconds. But this kind of attack is also applicable to other cryptographic algorithms.

Original language	English
Title of host publication	Cryptography and Coding : 12th IMA International Conference, Cryptography and Coding 2009 Cirencester, UK, DEcenber 2009
Editors	Matthew G. Parker
Publisher	Springer
Publication date	2009
Pages	133-152
ISBN (Print)	978-3-642-10867-9
Publication status	Published - 2009
Event	12th IMA International Conference on Cryptography and Coding - Cirencester, United Kingdom Duration: 15 Dec 2009 → 17 Dec 2009 Conference number: 12

Conference

Conference	12th IMA International Conference on Cryptography and Coding
Number	12
Country/Territory	United Kingdom
City	Cirencester
Period	15/12/2009 → 17/12/2009

Series	Lecture Notes of Computer Science
Number	5921
ISSN	0302-9743

OpenUrl availability

Full text

Cite this

@inproceedings{868e036d5a684a2492c8dc07d7096321,

title = "Bivium as a Mixed Integer Programming Problem",

abstract = "Trivium is a stream cipher proposed for the eSTREAM project. Raddum introduced some reduced versions of Trivium, named Bivium A and Bivium B. In this article we present a numerical attack on the Biviums. The main idea is to transform the problem of solving a sparse system of quadratic equations over \$GF(2)\$ into a combinatorial optimization problem. We convert the Boolean equation system into an equation system over \$\textbackslash{}mathbb\{R\}\$ and formulate the problem of finding a \$0\$-\$1\$-valued solution for the system as a mixed-integer programming problem. This enables us to make use of several algorithms in the field of combinatorial optimization in order to find a solution for the problem and recover the initial state of Bivium. In particular this gives us an attack on Bivium B in estimated time complexity of \$2\textasciicircum{}\{63.7\}\$ seconds. But this kind of attack is also applicable to other cryptographic algorithms.",

author = "Julia Borghoff and Knudsen, \{Lars Ramkilde\} and Mathias Stolpe",

year = "2009",

language = "English",

isbn = "978-3-642-10867-9",

series = "Lecture Notes of Computer Science",

publisher = "Springer",

number = "5921",

pages = "133--152",

editor = "Parker, \{Matthew G.\}",

booktitle = "Cryptography and Coding",

note = "12th IMA International Conference on Cryptography and Coding, IMACC 2009 ; Conference date: 15-12-2009 Through 17-12-2009",

}

Borghoff, J, Knudsen, LR & Stolpe, M 2009, Bivium as a Mixed Integer Programming Problem. in MG Parker (ed.), Cryptography and Coding: 12th IMA International Conference, Cryptography and Coding 2009 Cirencester, UK, DEcenber 2009. Springer, Lecture Notes of Computer Science, no. 5921, pp. 133-152, 12th IMA International Conference on Cryptography and Coding, Cirencester, United Kingdom, 15/12/2009.

Bivium as a Mixed Integer Programming Problem. / Borghoff, Julia; Knudsen, Lars Ramkilde; Stolpe, Mathias.
Cryptography and Coding: 12th IMA International Conference, Cryptography and Coding 2009 Cirencester, UK, DEcenber 2009. ed. / Matthew G. Parker. Springer, 2009. p. 133-152 (Lecture Notes of Computer Science; No. 5921).

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - Bivium as a Mixed Integer Programming Problem

AU - Borghoff, Julia

AU - Knudsen, Lars Ramkilde

AU - Stolpe, Mathias

N1 - Conference code: 12

PY - 2009

Y1 - 2009

N2 - Trivium is a stream cipher proposed for the eSTREAM project. Raddum introduced some reduced versions of Trivium, named Bivium A and Bivium B. In this article we present a numerical attack on the Biviums. The main idea is to transform the problem of solving a sparse system of quadratic equations over $GF(2)$ into a combinatorial optimization problem. We convert the Boolean equation system into an equation system over $\mathbb{R}$ and formulate the problem of finding a $0$-$1$-valued solution for the system as a mixed-integer programming problem. This enables us to make use of several algorithms in the field of combinatorial optimization in order to find a solution for the problem and recover the initial state of Bivium. In particular this gives us an attack on Bivium B in estimated time complexity of $2^{63.7}$ seconds. But this kind of attack is also applicable to other cryptographic algorithms.

AB - Trivium is a stream cipher proposed for the eSTREAM project. Raddum introduced some reduced versions of Trivium, named Bivium A and Bivium B. In this article we present a numerical attack on the Biviums. The main idea is to transform the problem of solving a sparse system of quadratic equations over $GF(2)$ into a combinatorial optimization problem. We convert the Boolean equation system into an equation system over $\mathbb{R}$ and formulate the problem of finding a $0$-$1$-valued solution for the system as a mixed-integer programming problem. This enables us to make use of several algorithms in the field of combinatorial optimization in order to find a solution for the problem and recover the initial state of Bivium. In particular this gives us an attack on Bivium B in estimated time complexity of $2^{63.7}$ seconds. But this kind of attack is also applicable to other cryptographic algorithms.

M3 - Article in proceedings

SN - 978-3-642-10867-9

T3 - Lecture Notes of Computer Science

SP - 133

EP - 152

BT - Cryptography and Coding

A2 - Parker, Matthew G.

PB - Springer

T2 - 12th IMA International Conference on Cryptography and Coding

Y2 - 15 December 2009 through 17 December 2009

ER -

Bivium as a Mixed Integer Programming Problem

Abstract

Conference

OpenUrl availability

Fingerprint

Cite this