Rewriting Variables: The Complexity of Fast Algebraic Attacks on Stream Ciphers

Hawkes, Peter; Rose, Gregory G.

doi:10.1007/978-3-540-28628-8_24

Cited by 94 publications

(60 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Indeed, if one can find g of low degree and h = 0 of reasonable degree such that f * g = h, then a fast algebraic attack is feasible, see [13,1,24] (note however that fast algebraic attacks need more data than standard ones). This has been exploited in [14] to present an attack on SFINKS [4] and we can say that with this attack, which comes in addition to the standard algebraic attack, Courtois has made very difficult the work of the designer.…”

Section: Preliminariesmentioning

confidence: 99%

An Infinite Class of Balanced Functions with Optimal Algebraic Immunity, Good Immunity to Fast Algebraic Attacks and Good Nonlinearity

Carlet

Feng

2008

Lecture Notes in Computer Science

159

145

View full text Add to dashboard Cite

Abstract. After the improvement by Courtois and Meier of the algebraic attacks on stream ciphers and the introduction of the related notion of algebraic immunity, several constructions of infinite classes of Boolean functions with optimum algebraic immunity have been proposed. All of them gave functions whose algebraic degrees are high enough for resisting the Berlekamp-Massey attack and the recent Rønjom-Helleseth attack, but whose nonlinearities either achieve the worst possible value (given by Lobanov's bound) or are slightly superior to it. Hence, these functions do not allow resistance to fast correlation attacks. Moreover, they do not behave well with respect to fast algebraic attacks. In this paper, we study an infinite class of functions which achieve an optimum algebraic immunity. We prove that they have an optimum algebraic degree and a much better nonlinearity than all the previously obtained infinite classes of functions. We check that, at least for small values of the number of variables, the functions of this class have in fact a very good nonlinearity and also a good behavior against fast algebraic attacks.

show abstract

Section: Preliminariesmentioning

confidence: 99%

An Infinite Class of Balanced Functions with Optimal Algebraic Immunity, Good Immunity to Fast Algebraic Attacks and Good Nonlinearity

Carlet

Feng

2008

Lecture Notes in Computer Science

159

145

View full text Add to dashboard Cite

show abstract

“…It is a lightweight and efficient cryptographic primitive for ensure confidentiality of transmitted data between two communicated pairs. It proves its robustness by its ability to resist against attacks [3][4] [7] [14]. It has a wide application area especially in mobile devices and embedded systems.…”

Section: Preliminarymentioning

confidence: 99%

A Synchronous Stream Cipher Generator Based on Quadratic Fields (SSCQF)

Asimi¹,

Asimi²

2015

ijacsa

View full text Add to dashboard Cite

“…The detailed complexities of each step are shown in Table 10. A comparison of our attacks with the similar attack 14 [16] and the best attacks [14,25] (both were algebraic attacks) is shown in Table 11 for Case A and B. Experimental Results with w = 1 We did the small-scale experiment to verify our analysis in Section 5 on the keystream { 4 i=2 (x i t ⊕ z t )} instead of {z t } to save the trouble of searching the multiple Q(x) of Second, we choose some random x 1 , then compute the corresponding average and variance of N (x 1 ) ζ over allx 1 = x 1 individually, it turned out 14 The estimate of data complexity in [16] uses a different heuristic formula than ours.…”

Section: The Key-recovery Attackmentioning

confidence: 99%

Cryptanalysis of an E0-like Combiner with Memory

Vaudenay

2007

J Cryptol

View full text Add to dashboard Cite

Abstract. In this paper, we study an E0-like combiner with memory as the keystream generator. First, we formulate a systematic and simple method to compute correlations of the FSM output sequences (up to certain bits). An upper bound of the correlations is given, which is useful to the designer. Second, we show how to build either a uni-bias-based or multi-bias-based distinguisher to distinguish the keystream produced by the combiner from a truly random sequence, once correlations are found. The data complexity of both distinguishers is carefully analyzed for performance comparison. We show that the multi-bias-based distinguisher outperforms the uni-bias-based distinguisher only when the patterns of the largest biases are linearly dependent. The keystream distinguisher is then upgraded for use in the key-recovery attack. The latter actually reduces to the well-known Maximum Likelihood Decoding (MLD) problem given the keystream long enough. We devise an algorithm based on Fast Walsh Transform (FWT) to solve the MLD problem for any linear code with dimension L and length n within time O(n + L · 2 L ). Meanwhile, we summarize a design criterion for our E0-like combiner with memory to resist the proposed attacks.

show abstract

Rewriting Variables: The Complexity of Fast Algebraic Attacks on Stream Ciphers

Cited by 94 publications

References 10 publications

An Infinite Class of Balanced Functions with Optimal Algebraic Immunity, Good Immunity to Fast Algebraic Attacks and Good Nonlinearity

An Infinite Class of Balanced Functions with Optimal Algebraic Immunity, Good Immunity to Fast Algebraic Attacks and Good Nonlinearity

A Synchronous Stream Cipher Generator Based on Quadratic Fields (SSCQF)

Cryptanalysis of an E0-like Combiner with Memory

Contact Info

Product

Resources

About