Cryptanalysis of Hardware-Oriented Ciphers the Knapsack Generator, and SHA-1

Symmetric key cryptographic algorithms provide confidentiality, integrity, and authentication in modern communication systems. Our confidence in these algorithms is largely based on the fact that intense cryptanalysis has been carried out over several years without revealing any weakness. This thesis makes three independent contributions to the cryptanalysis of symmetric key primitives and hash functions. First, conditional differential cryptanalysis is proposed as a general framework for the analysis of a large class of hardware-oriented ciphers that build on non-linear feedback shift registers. As main applications, various improved distinguishing and key recovery attacks on reduced-round variants of the stream ciphers Grain v1, Grain-128, Grain-128a, and Trivium are obtained. Second, the security of the knapsack generator, a stream cipher construction proposed by Rueppel and Massey in 1985, is studied. A surprisingly effective guess-and-determine attack is shown that recovers large parts of the n + n secret key bits if only n bits are known. Quite different from standard techniques of symmetric cryptanalysis, our approach uses Babai’s closest vertex algorithm and lattice reduction. Finally, meet-in-the-middle preimage attacks on hash functions are revisited. A new differential cryptanalytic perspective is proposed which is very suitable for hash functions with linear message expansion. As an application, previous preimage attacks against reduced variants of SHA-1 are significantly improved.