Orhun Kara scite author profile

The internal state size of a stream cipher is supposed to be at least twice the key length to provide resistance against the conventional Time-Memory-Data (TMD) tradeoff attacks. This well adopted security criterion seems to be one of the main obstacles in designing, particularly, ultra lightweight stream ciphers. At FSE 2015, Armknecht and Mikhalev proposed an elegant design philosophy for stream ciphers as fixing the key and dividing the internal states into equivalence classes where any two different keys always produce non-equivalent internal states. The main concern in the design philosophy is to decrease the internal state size without compromising the security against TMD tradeoff attacks. If the number of equivalence classes is more than the cardinality of the key space, then the cipher is expected to be resistant against TMD tradeoff attacks even though the internal state (except the fixed key) is of fairly small length. Moreover, Armknecht and Mikhalev presented a new design, which they call Sprout, to embody their philosophy. In this work, ironically, we mount a TMD tradeoff attack on Sprout within practical limits using 2 d output bits in 2 71−d encryptions of Sprout along with 2 d table lookups. The memory complexity is 2 86−d where d ≤ 40. In one instance, it is possible to recover the key in 2 31 encryptions and 2 40 table lookups if we have 2 40 bits of keystream output by using tables of 770 Terabytes in total. The offline phase of preparing the tables consists of solving roughly 2 41.3 systems of linear equations with 20 unknowns and an effort of about 2 35 encryptions. Furthermore, we mount a guess-and-determine attack having a complexity about 2 68 encryptions with negligible data and memory. We have verified our attacks by conducting several experiments. Our results show that Sprout can be practically broken.

show abstract

Fixed Points of Special Type and Cryptanalysis of Full GOST

Kara

Karakoç

2012

View full text Add to dashboard Cite

On Analysis of Lightweight Stream Ciphers with Keyed Update

Kara

Esgin

2019

IEEE Trans. Comput.

View full text Add to dashboard Cite

A New Class of Weak Keys for Blowfish

Kara

Manap

View full text Add to dashboard Cite

Abstract. The reflection attack is a recently discovered self similarity analysis which is usually mounted on ciphers with many fixed points. In this paper, we describe two reflection attacks on r-round Blowfish which is a fast, software oriented encryption algorithm with a variable key length k. The attacks work successfully on approximately 2 k+32−16r number of keys which we call reflectively weak keys. We give an almost precise characterization of these keys. One interesting result is that 2 34 known plaintexts are enough to determine if the unknown key is a reflectively weak key, for any key length and any number of rounds. Once a reflectively weak key is identified, a large amount of subkey information is revealed with no cost. Then, we recover the key in roughly r · 2 16r+22 steps. Furthermore, it is possible to improve the attack for some key lengths by using memory to store all reflectively weak keys in a table in advance. The pre-computation phase costs roughly r · 2 k−11 steps. Then the unknown key can be recovered in 2 (k+32−16r)/64 steps. As an independent result, we improve Vaudenay's analysis on Blowfish for reflectively weak keys. Moreover, we propose a new success criterion for an attack working on some subset of the key space when the key generator is random.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Orhun Kara

Reflection Cryptanalysis of Some Ciphers

Practical Cryptanalysis of Full Sprout with TMD Tradeoff Attacks

Fixed Points of Special Type and Cryptanalysis of Full GOST

On Analysis of Lightweight Stream Ciphers with Keyed Update

A New Class of Weak Keys for Blowfish

Contact Info

Product

Resources

About