Cryptanalysis of TFHE-Friendly Cipher FRAST
Publication date
2026
Type
01A - Article in a scientific journal
Parent work
IACR Transactions on Symmetric Cryptology
Year / Volume
2026
Issue / Number
1
Pages / Duration
119-147
Publisher / Publishing institution
Ruhr-Universität Bochum
Abstract
FRAST is a TFHE-friendly stream cipher that was published at FSE 2025. The cipher is defined over Z_16, and makes extensive use of negacyclic S-boxes over Z_16 as they are less costly in TFHE. Like many FHE-friendly ciphers, FRAST randomizes some of its components to increase its security against statistical attacks. In the case of FRAST, some S-boxes are randomized using an XOF that takes a nonce as input. In this work, we point out a strong structural property of the full FRAST permutation, which leads to a much simpler alternative representation of the primitive. We study the consequences of this representation and find a weak key space of non-negligible size (i.e., much larger than 2^128) on which every ciphertext leaks one bit of plaintext. This corresponds to a distinguishing attack on the full FRAST in the weak-key setting. In particular, we emphasize that, apart from the structural property, the usage of negacyclic S-boxes further leads to a much larger weak-key space for our attack. Finally, we provide a general framework to mount a linear attack on FRAST in the average key setting. We briefly describe our approach in the end of the paper, and observe that standard assumptions expected to work in the context of linear cryptanalysis do not hold in the case of FRAST: our experiments indicate that a linear attack in the average key setting does not work as expected.
ISSN
2519-173X
2569-2925
Language
English
Created during FHNW affiliation
Yes
Publication status
Published
Review
peer-reviewed
Open access status
Diamond
Citation
Bak, A., Ghosh, S., Liu, F., Meier, W., Ni, J., & Perrin, L. (2026). Cryptanalysis of TFHE-Friendly Cipher FRAST. IACR Transactions on Symmetric Cryptology, 2026(1), 119–147. https://doi.org/10.46586/tosc.v2026.i1.119-147