Algebraic Cryptanalysis is a widely used technique that tackles the problem of breaking ciphers mainly relying on the ability to express a cryptosystem as a solvable polynomial system. Each output bit/word can be expressed as a polynomial equation in the cipher’s inputs—namely the key and the plaintext or the initialisation vector bits/words. A part of research in this area consists in finding suitable algebraic structures where polynomial systems can be effectively solved, e.g., by computing Gröbner bases. In 2009, Dinur and Shamir proposed the cube attack, a chosen plaintext algebraic cryptanalysis technique for the offline acquisition of an equivalent system by means of monomial reduction; interpolation on cubes in the space of variables enables retrieving a linear polynomial system, hence making it exploitable in the online phase to recover the secret key. Since its introduction, this attack has received both many criticisms and endorsements from the crypto community; this work aims at providing, under a unified notation, a complete state-of-the-art review of recent developments by categorising contributions in five classes. We conclude the work with an in-depth description of the kite attack framework, a cipher-independent tool that implements cube attacks on GPUs. Mickey2.0 is adopted as a showcase.

代数密码分析是一种广泛使用的技术，主要依靠将密码系统表示为可解多项式系统的能力来解决破解密码的问题。每个输出位/字都可以表示为密码输入中的多项式方程——即密钥和明文或初始化向量位/字。该领域的一部分研究包括寻找合适的代数结构，其中可以有效地求解多项式系统，例如，通过计算 Gröbner 基。2009年，Dinur和Shamir提出了立方体攻击，一种选择明文代数密码分析技术，通过单项式归约离线获取等价系统；立方体插值在变量空间中可以检索线性多项式系统，因此可以在在线阶段利用它来恢复密钥。自推出以来，这种攻击受到了加密社区的许多批评和认可；这项工作旨在通过将贡献分为五类，以统一的符号对最近的发展进行完整的最新回顾。我们通过对风筝攻击框架的深入描述来结束这项工作，风筝攻击框架是一种对 GPU 实施立方体攻击的独立于密码的工具。采用Mickey2.0作为展示柜。