Improved cube-attack-like cryptanalysis of reduced-round Ketje-Jr and Keccak-MAC
Information Processing Letters (IF 0.5), Pub Date: 2021-04-14, DOI: 10.1016/j.ipl.2021.106124
Zishen Zhao , Shiyao Chen , Meiqin Wang , Wei Wang

At EUROCRYPT 2015, Dinur et al. proposed cube-attack-like cryptanalysis of reduced-round Keccak. The key-recovery process is divided into a preprocessing phase and an online phase. The preprocessing phase builds a look-up table by computing the cube sum for every assignment of the involved key bits. The online phase computes the cube sum with the auxiliary variables fixed and records the matching table entries as key candidates. Auxiliary variables help balance the complexity of the two phases by reducing the number of involved key bits. Following this idea, a series of works have been presented, mainly focusing on a better selection of cube variables, auxiliary variables and involved key bits.

We provide new methods to select auxiliary variables and involved key bits. The first step is to obtain a precise algebraic expression of each bit after one round of the permutation. Then, combined with the corresponding constraints on these variables, we construct a Mixed-Integer Linear Programming (MILP) model. Secondly, unlike the previous approach, in which auxiliary variables are chosen to satisfy the CP-kernel property solely to control diffusion, we drop this restriction and adopt a more refined selection of auxiliary variables. Based on these two steps, we improve the complexity of cube-attack-like cryptanalysis.
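The two-phase procedure described in the abstract, as an added worked example that is not part of the paper and does not reproduce its MILP selection method: a constructed toy output bit over four key bits and four public bits (not any real Keccak or Ketje expression) stands in for the one-round algebraic expression. The example computes the superpoly of a cube symbolically, builds the preprocessing table over the involved key bits, queries a keyed black box in the online phase, and shows how fixing an auxiliary public bit (here `v2`) changes which key bits are involved and therefore the size of the table and the candidate set. All names (`TOY_F`, `superpoly`, `preprocess`, `recover`, `make_oracle`) are this example's own.

```python
from itertools import product

# Polynomials over GF(2) are sets of monomials; a monomial is a frozenset of
# variable names (the empty frozenset would be the constant 1).
def poly(*monomials):
    return frozenset(frozenset(m) for m in monomials)

# Constructed toy output bit in key bits k0..k3 and public bits v0..v3.
# It is NOT a Keccak/Ketje expression; it only has the shape the attack needs.
TOY_F = poly(
    ("v0", "v1", "k0"),
    ("v0", "v1", "k2"),
    ("v0", "v1", "v2", "k1"),   # k1 is involved only when auxiliary bit v2 = 1
    ("v2", "k3"),
    ("v0", "k1", "k3"),
    ("v1", "v3"),
    ("k0", "k2"),
)
KEY_BITS = ("k0", "k1", "k2", "k3")
PUBLIC_BITS = ("v0", "v1", "v2", "v3")


def evaluate(p, assignment):
    """Evaluate a GF(2) polynomial at a {variable: 0/1} assignment."""
    acc = 0
    for mono in p:
        acc ^= int(all(assignment[x] for x in mono))
    return acc


def superpoly(p, cube, aux):
    """Symbolic cube sum. Summing over all 2^|cube| assignments of the cube
    variables kills every monomial that misses a cube variable; the survivors
    are divided by the cube monomial, and the remaining public bits are fixed
    by `aux` (unset public bits are 0). Terms that appear twice cancel."""
    cube = frozenset(cube)
    result = set()
    for mono in p:
        if not cube <= mono:
            continue
        rest = mono - cube
        if any(aux.get(x, 0) == 0 for x in rest if x in PUBLIC_BITS):
            continue  # a public bit fixed to 0 zeroes this monomial
        result ^= {frozenset(x for x in rest if x not in PUBLIC_BITS)}
    return frozenset(result)


def involved_key_bits(sp):
    """Key bits that actually appear in the superpoly (the table's index)."""
    return sorted(set().union(*sp)) if sp else []


def preprocess(sp):
    """Preprocessing phase: table mapping each cube-sum value to the
    assignments of the involved key bits that produce it."""
    involved = involved_key_bits(sp)
    table = {}
    for bits in product((0, 1), repeat=len(involved)):
        key = dict(zip(involved, bits))
        table.setdefault(evaluate(sp, key), []).append(key)
    return involved, table


def cube_sum(oracle, cube, aux):
    """Online phase: XOR the keyed oracle's output over the whole cube,
    with the other public bits fixed by `aux`."""
    cube = list(cube)
    acc = 0
    for bits in product((0, 1), repeat=len(cube)):
        pub = {x: aux.get(x, 0) for x in PUBLIC_BITS}
        pub.update(zip(cube, bits))
        acc ^= oracle(pub)
    return acc


def make_oracle(p, secret_key):
    """Keyed black box: takes public bits only, returns the output bit."""
    def oracle(pub):
        return evaluate(p, {**secret_key, **pub})
    return oracle


def recover(p, cube, aux, oracle):
    """Run both phases and return (involved key bits, candidate assignments)."""
    involved, table = preprocess(superpoly(p, cube, aux))
    observed = cube_sum(oracle, cube, aux)
    return involved, table.get(observed, [])


if __name__ == "__main__":
    secret = {"k0": 1, "k1": 0, "k2": 1, "k3": 1}   # constructed hidden key
    oracle = make_oracle(TOY_F, secret)
    for v2 in (1, 0):
        involved, cands = recover(TOY_F, ("v0", "v1"), {"v2": v2}, oracle)
        print(f"v2={v2}: involved={involved}, {len(cands)} candidates: {cands}")
```

With `v2 = 1` the superpoly is `k0 + k1 + k2`, so the table has eight rows and the observed cube sum leaves four candidates; fixing the auxiliary bit `v2 = 0` removes `k1` from the expression, the table shrinks to four rows and the candidate set to two, which is exactly the trade-off between the two phases that auxiliary variables are used to tune. On the real permutation the algebraic expression is far larger, which is why the paper derives it exactly after one round and selects the variables with a MILP model rather than by inspection.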


Updated: 2021-04-16