This is the repository for the paper "Cube Attack against 843-Round Trivium", Cryptology ePrint Archive: Report 2021/547.
-
Code for verifying parts of the superpoly for 843-round Trivium: trivium_verify.cpp.
-
Monomials in the superpoly for the cube {0, 1, ..., 79}/{30, 76}: superpoly/raw_monomials, superpoly/superpoly_monomials.
-
Logs for computed results: log/trivium_verify_843_1_key*.log.
Please first install Gurobi solver and set a proper license.
Please edit "Makefile" according to your configuration. Then type
make
to compile the codes.
After you compile the code, please type
./trivium_verify [ROUND] [INDEX] [KEY_INDEX]
for run.
The possible combinations of (ROUND, INDEX, KEY_INDEX) are listed as follows,
-
ROUND = 843, INDEX = 1, KEY_INDEX = 0: Recover part of the superpoly for the cube {0,1,...,79}/{30, 76} of 843-round Trivium, which consists of all monomials involving k0.
-
ROUND = 843, INDEX = 1, KEY_INDEX = 2: Recover part of the superpoly for the cube {0,1,...,79}/{30, 76} of 843-round Trivium, which consists of all monomials involving k2. The output should be a single monomial {k2}, which means no other monomials in the super polynomial involve the variable k2, so this superpoly is a balance polynomial.