Efficient Dissection of Composite Problems, with Applications to Cryptanalysis, Knapsacks, and Combinatorial Search Problems

@inproceedings{Dinur2012EfficientDO,
  title={Efficient Dissection of Composite Problems, with Applications to Cryptanalysis, Knapsacks, and Combinatorial Search Problems},
  author={Itai Dinur and Orr Dunkelman and Nathan Keller and Adi Shamir},
  booktitle={CRYPTO},
  year={2012}
}
In this paper we show that a large class of diverse problems have a bicomposite structure which makes it possible to solve them with a new type of algorithm called dissection, which has much better time/memory tradeoffs than previously known algorithms. A typical example is the problem of finding the key of multiple encryption schemes with r independent n-bit keys. All the previous error-free attacks required time T and memory M satisfying $$TM = 2^{rn}$$, and even if "false negatives" are… 
Efficient Dissection of Bicomposite Problems with Cryptanalytic Applications
TLDR
The generality of the new dissection technique is used in a generic way in order to improve rebound attacks on hash functions and to solve with better time complexities (for small memory complexities) hard combinatorial search problems, such as the well-known knapsack problem.
New Attacks on Feistel Structures with Improved Memory Complexities
TLDR
A new attack that combines the main benefits of meet-in-the-middle attacks and dissection attacks is described, yielding improved attacks on Feistel structures with more than 4 rounds at reduced memory complexity.
Faster Space-Efficient Algorithms for Subset Sum, k-Sum and Related Problems
We present randomized algorithms that solve subset sum and knapsack instances with $n$ items in $O^*(2^{0.86n})$ time, where the $O^*(\cdot)$ notation suppresses factors polynomial in the input size,
An algorithmic framework for the generalized birthday problem
  • Itai Dinur
  • Computer Science
    IACR Cryptol. ePrint Arch.
  • 2018
TLDR
This paper improves the best known GBP time-memory tradeoff curve for all K, using a framework that combines several algorithmic techniques such as variants of the Schroeppel–Shamir algorithm for solving knapsack problems and dissection algorithms.
Tight security bounds for multiple encryption
TLDR
This paper improves both the best known attacks and best known provable security, so that both bounds match, and shows that the security of l-round multiple encryption is precisely $\exp(\kappa + \min\{\kappa(l-2)/2,\ n(l-2)/l\})$ where $\exp(t) = 2^t$.
Quantum Time-Space Tradeoff for Finding Multiple Collision Pairs
TLDR
It is proved that the number of queries to the function in the quantum random oracle model must increase significantly when the size of the available memory is limited, and limits the extent to which quantum computing may decrease this tradeoff.
Improved Key Recovery Attacks on Reduced-Round AES with Practical Data and Memory Complexities
TLDR
This paper combines the technique of Grassi et al. with several other techniques in a novel way to obtain the best known key recovery attack on 5-round AES in the single-key model, reducing its overall complexity from about $2^{32}$ to less than $2^{22}$.
Tight Time-Space Lower Bounds for Finding Multiple Collision Pairs and Their Applications
  • Itai Dinur
  • Computer Science
    IACR Cryptol. ePrint Arch.
  • 2020
We consider a collision search problem (CSP), where given a parameter C, the goal is to find C collision pairs in a random function \(f:[N] \rightarrow [N]\) (where \([N] = \{0,1,\ldots ,N-1\}\))
The Security of Multiple Encryption in the Ideal Cipher Model
TLDR
This paper improves both the best known attacks and best known provable security, so that both bounds match, and shows that the security of l-round multiple encryption is precisely \(\exp(t) = 2^t\) where \(l' = 2\lceil l/2 \rceil\) is the smallest even integer greater than or equal to l.
Improved Combinatorial Algorithms for the Inhomogeneous Short Integer Solution Problem
TLDR
Algorithms for the inhomogeneous short integer solution problem, applying the Hermite normal form (HNF) to get faster algorithms; a heuristic analysis of the HGJ and BCJ algorithms in the case of density greater than one; an improved cryptanalysis of the SWIFFT hash function.

References

New Generic Algorithms for Hard Knapsacks
TLDR
This paper proposes two new algorithms which improve on the current state-of-the-art algorithm by Schroeppel and Shamir and lower the running time down to either $\tilde{O}(2^{0.385\,n})$ or $2^{n/4}$ under a reasonable heuristic.
A cryptanalytic time-memory trade-off
  • M. Hellman
  • Computer Science, Mathematics
    IEEE Trans. Inf. Theory
  • 1980
TLDR
A probabilistic method is presented which cryptanalyzes any $N$-key cryptosystem in $N^{2/3}$ operations with $N^{2/3}$ words of memory after a precomputation which requires $N$ operations; it works in a chosen plaintext attack and can also be used in a ciphertext-only attack.
Improving Implementable Meet-in-the-Middle Attacks by Orders of Magnitude
TLDR
A technique based on parallel collision search is described which requires $O(\sqrt{n}/w)$ times fewer operations and $O(n/w)$ times fewer memory accesses than previous approaches to meet-in-the-middle attacks.
Space-Time Tradeoffs for Subset Sum: An Improved Worst Case Algorithm
TLDR
The strategy for dealing with arbitrary instances is to instead inject the randomness into the dissection process itself by working over a carefully selected but random composite modulus, and to introduce explicit space---time controls into the algorithm by means of a "bailout mechanism".
Improved Attacks on Full GOST
TLDR
A new fixed point property is introduced and a better way to attack 8-round GOST in order to find improved attacks on full GOST, which can be reduced from an impractical $2^{64}$ to a practical $2^{36}$ without changing the $2^{224}$ time complexity.
Advances in Cryptology — CRYPTO ’96
  • N. Koblitz
  • Computer Science, Mathematics
    Lecture Notes in Computer Science
  • 2001
TLDR
This work presents new, simple, and practical constructions of message authentication schemes based on a cryptographic hash function, and proves that NMAC and HMAC are secure as long as the underlying hash function has some reasonable cryptographic strength.
Advances in Cryptology - CRYPTO '92, 12th Annual International Cryptology Conference, Santa Barbara, California, USA, August 16-20, 1992, Proceedings
TLDR
The next generation of Secure and Practical RSA-Based Signatures and Trade-offs Between Communication and Storage in Unconditionally Secure Schemes for Broadcast Encryption and Interactive Key Distribution are presented.
The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
TLDR
The rebound attack consists of an inbound phase with a match-in-the-middle part to exploit the available degrees of freedom in a collision attack to efficiently bypass the low probability parts of a differential trail.
Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions
  • A. Joux
  • Computer Science, Mathematics
    CRYPTO
  • 2004
TLDR
It is shown that finding multicollisions, i.e. r-tuples of messages that all hash to the same value, is not much harder than finding ordinary collisions, even for extremely large values of r, and it is proved that concatenating the results of several iterated hash functions in order to build a larger one does not yield a secure construction.
Improved Generic Algorithms for Hard Knapsacks
TLDR
A constant memory algorithm based on cycle finding with running time $O(2^{0.72n})$; an implementation shows the practicability of the technique and a time-memory tradeoff is shown.