Conditional Cube Searching And Applications On Trivium-Variant Ciphers

In this paper, we describe a new cube searching method called conditional searching. The main idea of this new searching method is to reduce the searching space and contains two main steps: finding complementary variables and searching conditional cubes. At the first step, we introduce a concept of complementary variables corresponding to cube variables to ensure that cube variables are not multiplied with each other in the first few propagations. According to the taps in the feedback functions, two main strategies are given to find complementary variables. At the second step, we first give a simple algorithm to estimate the maximal size of conditional cubes that don't contain any complementary variable. Then another algorithm is given to search conditional cubes. We can confirm the maximum numbers of initialization rounds of some NFSR-based cryptosystems such that the generated keystream bit does not achieve the maximum algebraic degree with our cube searching method and the algebraic degree estimated method numeric mapping. We apply our method to Trivium to verify the validity and our searching space is about 2(12)(.5) much smaller than that of existing results. We also introduce two Trivium-variants named Par-Trivium and Loc-Trivium, and apply the method to them. We can get an upper bound of the maximum initialization rounds when we change the parameters or the key and IV loading locations in Trivium. The applications provide some insights into the taps used in the feedback functions of such stream ciphers. We believe that our method is useful in both cryptanalysis and design of NFSR-based cryptosystems.