Superpoly algebraic normal form monomial test on Trivium

Recently, AIDA/cube testers have been revealed to be useful in building distinguishers for several cryptography schemes. χ 2 tests, on the other hand, are well known and extensively used for distinguishing purposes. In this study, the notion of multi‐χ 2 test and AIDA/cube testers are utilised to introduce the superpoly algebraic normal form monomial test through which the output of reduced round Trivium is distinguished from being random. The test successfully distinguishes the keystream of Trivium with 830 out of 1152 initialisation rounds with a complexity of 2 39 operations, which is the most effective distinguisher on reduced Trivium thus far. Applying algebraic IV differential attack (AIDA)/cube testers to a system, one of the main concerns is the appropriate choice of the superpoly variables, in the sense that the complexity of distinguishing the system output becomes near minimal. In an effort to discover appropriate superpoly variables, the authors propose a heuristic method that determines weak combination set of bits. The notion of weak combinations is defined in this study as a property ofthe cube variables whose corresponding superpoly is distinguishable. This heuristic method is performed on reduced round Trivium and its strength on determining appropriate superpoly variables is verified for 730 and 760 rounds Trivium.