Correlated Keystreams in Moustique

Authors

  • Emilia Käsper
  • Vincent Rijmen
  • Tor E. Bjørstad
  • Christian Rechberger
  • Matthew J. B. Robshaw
  • Gautham Sekar
Abstract

Moustique is one of the sixteen finalists in the eSTREAM stream cipher project. Unlike the other finalists it is a self-synchronising cipher and therefore offers very different functional properties, compared to the other candidates. We present simple related-key phenomena in Moustique that lead to the generation of strongly correlated keystreams and to powerful key-recovery attacks. Our best key-recovery attack requires only 2 steps in the related-key scenario. Since the relevance of related-key properties is sometimes called into question, we also show how the described effects can help speed up exhaustive search (without related keys), thereby reducing the effective key length of Moustique from 96 bits to 90 bits.

Similar resources

The Self-synchronizing Stream Cipher Moustique

We present a design approach for hardware-oriented self-synchronizing stream ciphers and illustrate it with a concrete design called Moustique. The latter is intended as a research cipher: it proves that the design approach can lead to concrete results and will serve as a target for cryptanalysis where new attacks may lead to improvements in the design approach such as new criteria for the ciphe...

Differential Attacks against Stream Cipher ZUC

Stream cipher ZUC is the core component in the 3GPP confidentiality and integrity algorithms 128-EEA3 and 128-EIA3. In this paper, we present the details of our differential attacks against ZUC 1.4. The vulnerability in ZUC 1.4 is due to the non-injective property in the initialization, which results in the difference in the initialization vector being cancelled. In the first attack, difference...

Predicting and Distinguishing Attacks on RC4 Keystream Generator

In this paper we analyze the statistical distribution of the keystream generator used by the stream ciphers RC4 and RC4A. Our first result is the discovery of statistical biases of the digraphs distribution of RC4/RC4A generated streams, where digraphs tend to repeat with short gaps between them. We show how an attacker can use these biased patterns to distinguish RC4 keystreams of 2 bytes and ...

FPGA Implementation of an Improved Attack against the DECT Standard Cipher

The DECT Standard Cipher (DSC) is a proprietary stream cipher used for enciphering payload of DECT transmissions such as cordless telephone calls. The algorithm was kept secret, but a team of cryptologists reverse-engineered it and published a way to reduce the key space when enough known keystreams are available [4]. The attack consists of two phases: At first, the keystreams are analyzed to b...

A Chaotic Cipher Mmohocc and Its Randomness Evaluation

After a brief introduction to a new chaotic stream cipher Mmohocc which utilizes the fundamental chaos characteristics of mixing, unpredictability, and sensitivity to initial conditions, we conducted the randomness statistical tests against the keystreams generated by the cipher. Two batteries of most stringent randomness tests, namely the NIST Suite and the Diehard Suite, were performed. The r...

Publication date: 2008