CUDA implementation of Cube Attack
GPL-3.0 License
CUDA_CubeAttack aims to offer a flexible implementation of the cube attack built on the CUDA framework (compute capability sm_50).
Choose the proper bit/byte ordering in cipher.cu and validator.py, and set the proper public and private key sizes.
Copy the cipher's code into cipher.cu, up to the bottom delimiter.
Then uncomment one of the following lines in the IV_gen and IV_gen_host functions:
...
iv[(cube_index[i]/8)] += to_MSB(c_i * (1<<(cube_index[i]%8))); //Trivium
//iv[(IV_dim-1)-(cube_index[i]/8)] += to_MSB(c_i * (1<<(cube_index[i]%8))); // Grain
//iv[(cube_index[i]/8)] += (c_i * (1<<((cube_index[i]%8)))); // Morus
...
Choose the same ordering in key_gen_superpoly_reconstruction:
...
//k_start[(tid/8)] = (1<<(pos%8)); // Morus
k_start[(tid/8)] = to_MSB(1<<(pos%8)); // Trivium
//k_start[(K_dim-1) - (tid/8)] = to_MSB(1<<7-(pos%8)); //Grain
...
Finally, edit validator.py:
...
bin_assignment = reduce(lambda x,y:x+y,[('0'*(8-len(bin(c).split('b')[1]))+bin(c).split('b')[1]) for c in ks]) # this depends on the cipher, OK for Trivium
#bin_assignment = reduce(lambda x,y:x+y,[('0'*(8-len(bin(c).split('b')[1]))+bin(c).split('b')[1])[::-1] for c in ks]) # this depends on the cipher, OK for MORUS
#bin_assignment = reduce(lambda x,y:x+y,[('0'*(8-len(bin(c).split('b')[1]))+bin(c).split('b')[1])[::-1] for c in ks][::-1]) # this depends on the cipher, OK for Grain
...
Remember to set the proper K_dim.
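The three orderings above only work if cipher.cu and validator.py agree on which bit of which byte a key (or IV) variable index refers to; a mismatch does not fail loudly, it just attributes the reconstructed superpoly to the wrong key bits. The following added example (not code from the project) mirrors the three key_gen_superpoly_reconstruction variants and the three bin_assignment variants in Python and round-trips a set of key-bit positions through each pair. It assumes that the project's to_MSB() reverses the bit order within a byte; the positions, K_dim and the helper names are constructed for the example.

```python
from functools import reduce

# Assumption: the project's to_MSB() reverses the bit order inside one byte.
def to_msb(b):
    return int(format(b & 0xFF, "08b")[::-1], 2)

ORDERINGS = ("trivium", "morus", "grain")


def key_bytes_from_positions(positions, k_dim, ordering):
    """Mirror of key_gen_superpoly_reconstruction: set one key variable per position.

    k_dim is the key length in bytes (the project's K_dim)."""
    k = [0] * k_dim
    for pos in positions:
        if ordering == "morus":
            k[pos // 8] |= 1 << (pos % 8)
        elif ordering == "trivium":
            k[pos // 8] |= to_msb(1 << (pos % 8))
        elif ordering == "grain":
            k[(k_dim - 1) - (pos // 8)] |= to_msb(1 << (7 - (pos % 8)))
        else:
            raise ValueError(ordering)
    return k


def bin_assignment(ks, ordering):
    """The three bin_assignment variants from validator.py, selected by ordering."""
    def byte_str(c):
        # 8-character, MSB-first binary string of one key byte
        return '0' * (8 - len(bin(c).split('b')[1])) + bin(c).split('b')[1]
    if ordering == "trivium":
        return reduce(lambda x, y: x + y, [byte_str(c) for c in ks])
    if ordering == "morus":
        return reduce(lambda x, y: x + y, [byte_str(c)[::-1] for c in ks])
    if ordering == "grain":
        return reduce(lambda x, y: x + y, [byte_str(c)[::-1] for c in ks][::-1])
    raise ValueError(ordering)


def set_positions(bits):
    """Indices of the '1' characters in a bin_assignment string."""
    return {i for i, ch in enumerate(bits) if ch == '1'}


def check_consistency(positions, k_dim, ordering):
    """True when the cipher-side and validator-side orderings round-trip."""
    ks = key_bytes_from_positions(positions, k_dim, ordering)
    return set_positions(bin_assignment(ks, ordering)) == set(positions)


def mismatched_orderings(positions, k_dim):
    """(cipher-side, validator-side) pairs that silently disagree on the bit positions."""
    bad = []
    for gen in ORDERINGS:
        ks = key_bytes_from_positions(positions, k_dim, gen)
        for val in ORDERINGS:
            if set_positions(bin_assignment(ks, val)) != set(positions):
                bad.append((gen, val))
    return bad


if __name__ == "__main__":
    # Constructed sample: a 80-bit key (K_dim = 10 bytes) with variables 0, 9 and 23 set
    sample, k_dim = [0, 9, 23], 10
    for o in ORDERINGS:
        print(o, "consistent:", check_consistency(sample, k_dim, o))
    print("mismatched pairs:", mismatched_orderings(sample, k_dim))
```

Running it shows that each ordering is self-consistent and that every one of the six mixed pairs places the variables at different indices, which is what the "right ordering reproduces the published superpolies" check later in this README relies on.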
Once N_ROUND is set in cipher.cu and the output bit position has been chosen through BIT_POSITION_APP and BIT_POSITION, you can call launch_attack.sh as follows:
Then two files are produced:
The line position links each maxterm with the corresponding superpoly.
Check results using validator.py:
To integrate a new cipher's code in cipher.cu, the following functions have to be implemented:
Then implement the corresponding host functions (encrypt_host, encrypt_exploit_host).
The following parameters must be defined according to the cipher's specification:
Checking literature results for cubes and superpolies: write the candidate maxterm in cubes_test_window.txt in the offline subdirectory (indexing starts from 0).
Select one of the orderings in cipher.cu, call ./final_attack/offline/superpoly_rec/att1 and check the superpolies obtained in superpolies_window.txt.
The right ordering will reproduce the published superpolies.
From launch_attack.sh you can select one of the following maxterm mining versions:
Results against Trivium, Morus-640-128 and Grain-128AEAD are reported here.