Abstract. Almost any cryptographic scheme can be described by tweakable polynomials over
GF(2), which contain both secret variables (e.g., key bits) and public variables (e.g., plaintext bits
or IV bits). The cryptanalyst is allowed to tweak the polynomials by choosing arbitrary values for
the public variables, and his goal is to solve the resultant system of polynomial equations in terms
of their common secret variables. In this paper we develop a new technique (called a cube attack)
for solving such tweakable polynomials, which is a major improvement over several previously
published attacks of the same type.
Läs mer på ePrint: