Differential Attacks by Algebraic Solving on a Series of HE‐Friendly Stream Ciphers.

Saved in:
Bibliographic Details
Title: Differential Attacks by Algebraic Solving on a Series of HE‐Friendly Stream Ciphers.
Authors: Hu, Xichao1 (AUTHOR), Jiao, Lin1 (AUTHOR) jiaolin_jl@126.com, Li, Yongqiang2,3 (AUTHOR), Hao, Yonglin1 (AUTHOR), Gong, Xinxin1 (AUTHOR), Deepali (AUTHOR) dedeepali@wiley.com
Source: IET Information Security (Wiley-Blackwell). 5/6/2026, Vol. 2026, p1-17. 17p.
Subjects: Stream ciphers, Satisfiability (Computer science), Cryptography, Data encryption, Algebraic equations
Abstract: In recent years, many symmetric encryption ciphers have been proposed for homomorphic encryption (HE) applications. Rasta and its variants Masta and Pasta have gradually become a self‐contained series of HE‐friendly stream ciphers. The feature of these ciphers is that a fresh affine layer is randomly generated for each encryption. Although Rasta explicitly stated that it does not consider related‐key attacks in its specification and it is difficult to find exploitable good differential characteristics even if considered, Masta and Pasta do not mention related‐key attacks. Therefore, in this paper, we aim to comprehensively study the impact of related‐key attacks on the security of these ciphers and determine whether the round requirement for satisfying the security bound is effective even in the multi‐client scenario. Based on the general key structure and specific key differential patterns, we propose two practical related‐key attacks based on linearization attacks and one based on SAT solving method. These attacks successfully break Pasta's both instances (2/2), Masta and Rasta's most instances (9/16 and 5/9). Furthermore, we theoretically discuss the validity conditions of the trivial linearization attack and experimentally verify it. [ABSTRACT FROM AUTHOR]
Copyright of IET Information Security (Wiley-Blackwell) is the property of Wiley-Blackwell and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
Description
Abstract:In recent years, many symmetric encryption ciphers have been proposed for homomorphic encryption (HE) applications. Rasta and its variants Masta and Pasta have gradually become a self‐contained series of HE‐friendly stream ciphers. The feature of these ciphers is that a fresh affine layer is randomly generated for each encryption. Although Rasta explicitly stated that it does not consider related‐key attacks in its specification and it is difficult to find exploitable good differential characteristics even if considered, Masta and Pasta do not mention related‐key attacks. Therefore, in this paper, we aim to comprehensively study the impact of related‐key attacks on the security of these ciphers and determine whether the round requirement for satisfying the security bound is effective even in the multi‐client scenario. Based on the general key structure and specific key differential patterns, we propose two practical related‐key attacks based on linearization attacks and one based on SAT solving method. These attacks successfully break Pasta's both instances (2/2), Masta and Rasta's most instances (9/16 and 5/9). Furthermore, we theoretically discuss the validity conditions of the trivial linearization attack and experimentally verify it. [ABSTRACT FROM AUTHOR]
ISSN:17518709
DOI:10.1049/ise2/5820924