Cryptanalysis of Achterbahn-128/80
نویسنده
چکیده
This paper presents two key-recovery attacks against Achterbahn-128/80, the last version of one of the stream cipher proposals in the eSTREAM project. The attack against the 80-bit variant, Achterbahn80, has complexity 2. The attack against Achterbahn-128 requires 2 operations and 2 keystream bits. These attacks are based on an improvement of the attack due to Hell and Johansson against Achterbahn version 2. They mainly rely on an algorithm that makes pro t of the independence of the constituent registers.
منابع مشابه
Cryptanalysis of Achterbahn-128/80 with a New Keystream Limitation
This paper presents two key-recovery attacks against the last modi cation to Achterbahn-128/80 proposed by the authors at SASC 2007 due to the previous attacks. The 80-bit variant, Achterbahn-80, has been limited to produce at most 2 bits of keystream with the same pair of key and IV, while Achterbahn-128 is limited to 2. The attack against Achterbahn-80 has complexity 2 and needs fewer than 2 ...
متن کاملCryptanalyse de Achterbahn-128/80
This paper presents two attacks against Achterbahn-128/80, the last version of one of the stream cipher proposals in the eSTREAM project. The attack against the 80-bit variant, Achterbahn-80, has complexity 2^{56.32}. The attack against Achterbahn-128 requires 2^{75.4} operations and 2^{61} keystream bits. These attacks are based on an improvement of the attack due to Hell and Johansson against...
متن کاملCryptanalysis of Achterbahn-128/80
A key recovery attack on the stream cipher Achterbahn128/80, a cipher in the second phase of eSTREAM, is given. The key observation is a high dependency between some input bits to the Boolean combining function generating the keystream. It results in the first known attacks on both the 128-bit and the 80-bit variants of the cipher. The amount of keystream bits required in the attacks is less th...
متن کاملAchterbahn-128/80: Design and Analysis
We determine the imbalances of the keystreams produced by Achterbahn-80 and Achterbahn-128 in two different ways. The number of cyclically inequivalent keystreams produced by the keystream generators of Achterbahn-80 and Achterbahn-128 is determined. An abstract model for the keystream generator of a primitive NLFSR combination generator is used to justify the correlation attack introduced in [...
متن کاملFault Analysis on the Stream Ciphers LILI-128 and Achterbahn
LILI-128 is a clock controlled stream cipher based on two LFSRs with one clock control function and one non-linear filter function. The clocking of the second LFSR is controlled by the first LFSR. In this paper we propose a fault algebraic attack on LILI-128 stream cipher. We first recover the state bits of the first LFSR by injecting a single bit fault in the first LFSR. After that we recover ...
متن کامل