This is the repository for the paper "An Algebraic Formulation of the Division Property: Revisiting Degree Evaluations, Cube Attacks, and Key-Independent Sums", accepted at Asiacrypt 2020. It contains:
- Code for recovering the superpoly for 840-, 841- and 842-round Trivium
- Code for computing the exact degree of Trivium up to 834 rounds
- A demo of PoolSearchMode using the a + b + c + d + e + f = 1 example
- Superpolies that contain too many monomials (PI6, PI7, PI9, PI10) used in Section 5
To run our code, you should first install the Gurobi solver and set the proper license.
After installing the solver, edit the Makefile and change --lgurobixx to match your installed Gurobi version. Then type
make
to compile our code.
After you compile the code, just type
./trivium
to compute the degree of Trivium up to 834 rounds.
After you compile the code, type
./trivium [ROUND] [INDEX]
to recover a superpoly. The possible combinations of (ROUND, INDEX) are as follows:
- ROUND = 840, INDEX = 1: Recover the superpoly for [0,1,...,79]/{70, 72, 74, 76, 78} of 840-round Trivium
- ROUND = 840, INDEX = 2: Recover the superpoly for [0,1,...,79]/{72, 74, 76, 78} of 840-round Trivium
- ROUND = 840, INDEX = 3: Recover the superpoly for [0,1,...,79]/{70, 74, 76, 78} of 840-round Trivium
- ROUND = 841, INDEX = 1: Recover the superpoly for [0,1,...,79]/{70, 72, 76, 78} of 841-round Trivium
- ROUND = 841, INDEX = 2: Recover the superpoly for [0,1,...,79]/{72, 76, 78} of 841-round Trivium
- ROUND = 842, INDEX = 1: Recover the superpoly for [0,1,...,79]/{72, 74, 76, 78} of 842-round Trivium
- ROUND = 842, INDEX = 2: Recover the superpoly for [0,1,...,79]/{74, 76, 78} of 842-round Trivium
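
To make the cube notation above concrete, the following is an added Python example (not code from this repository) that evaluates a superpoly by brute-force cube summation on Trivium with very few initialization rounds. It reads [0,1,...,79]/{...} as "all IV indices except the listed ones" and assumes that non-cube IV bits are fixed to 0 and that "R-round" means the first output bit after R initialization clocks; the function names are hypothetical. The cubes listed above have 75 to 77 indices, so direct summation is infeasible for them.

```python
from itertools import product

def trivium_output_bit(key, iv, rounds):
    """First keystream bit after `rounds` initialization clocks (80-bit key and IV)."""
    # State layout (0-based): key | 13 zeros | IV | 4 zeros | 108 zeros | 1,1,1
    s = list(key) + [0] * 13 + list(iv) + [0] * 4 + [0] * 108 + [1, 1, 1]
    for _ in range(rounds):
        t1 = s[65] ^ s[92] ^ (s[90] & s[91]) ^ s[170]
        t2 = s[161] ^ s[176] ^ (s[174] & s[175]) ^ s[263]
        t3 = s[242] ^ s[287] ^ (s[285] & s[286]) ^ s[68]
        # Shift each of the three registers by one position.
        s = [t3] + s[0:92] + [t1] + s[93:176] + [t2] + s[177:287]
    return s[65] ^ s[92] ^ s[161] ^ s[176] ^ s[242] ^ s[287]

def cube_from_excluded(excluded, n=80):
    """Cube written as [0,1,...,79]/{excluded}: every IV index except those."""
    skip = set(excluded)
    return [i for i in range(n) if i not in skip]

def cube_sum(cube, key, rounds):
    """XOR of the output bit over all 2^|cube| assignments of the cube bits.

    Assumption: IV bits outside the cube are fixed to 0. The result is the
    superpoly of the cube evaluated at `key`.
    """
    iv = [0] * 80
    acc = 0
    for bits in product((0, 1), repeat=len(cube)):
        for idx, bit in zip(cube, bits):
            iv[idx] = bit
        acc ^= trivium_output_bit(key, iv, rounds)
    return acc

if __name__ == "__main__":
    key = [1, 0] * 40  # constructed sample key
    # With 0 rounds the output is key[65] ^ iv[68] ^ 1: cube {68} has the
    # constant superpoly 1, and any larger cube sums to 0.
    print(cube_sum([68], key, 0), cube_sum([0, 68], key, 0))
    # Size of the cube used for ROUND = 840, INDEX = 1.
    print(len(cube_from_excluded({70, 72, 74, 76, 78})))
```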