Fast Algebraic Attacks on Stream Ciphers with Linear Feedback
Abstract
Many popular stream ciphers apply a filter/combiner to the state of one or several LFSRs. Algebraic attacks on such ciphers [10, 11] are possible if there is a multivariate relation involving the key/state bits and the output bits. Recent papers by Courtois, Meier, Krause and Armknecht [1, 2, 10, 11] show that such relations exist for several well-known stream cipher constructions that are immune to all previously known attacks. In particular, they make it possible to break two ciphers built from LFSRs and completely "well designed" Boolean functions: Toyocrypt and LILI-128, see [10, 11]. Surprisingly, similar algebraic attacks also exist for the stateful combiner construction used in the Bluetooth keystream generator E0 [1]. More generally, in [2] it is proven that they can break, in polynomial time, any combiner with a fixed number of inputs and a fixed number of memory bits. In this paper we present a method that substantially reduces the complexity of all these attacks. We show that when the known keystream bits are consecutive, an important part of the equations has a recursive structure, which allows us to partially replace the usual sub-cubic Gaussian elimination algorithms used to eliminate the monomials by a much faster, essentially linear, version of the Berlekamp-Massey algorithm. The new method gives the fastest attack proposed so far for Toyocrypt, LILI-128 and the keystream generator used in the E0 cipher. Moreover, we present two new fast general algebraic attacks on stream ciphers using Boolean functions, applicable when the degree and/or the number of inputs is not too big.
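To make the first sentences of the abstract concrete, here is an added Python example (not code from the paper or its authors) of the basic algebraic attack that this paper speeds up: a constructed toy cipher, a length-8 Fibonacci LFSR with the primitive feedback polynomial x^8 + x^4 + x^3 + x^2 + 1 filtered by the quadratic Boolean function f(s) = s0*s1 XOR s5, is broken by linearization. Every keystream bit is a degree-2 polynomial in the 8 unknown initial-state bits, so each degree-1 and degree-2 monomial is treated as an independent unknown (8 + 28 = 36), one observed bit gives one GF(2)-linear equation, and Gaussian elimination recovers the state. The LFSR length, taps, filter and seed are all my own choices for illustration; the Berlekamp-Massey step that is the paper's contribution is not implemented, the block only shows the monomial-elimination cost that it reduces.

```python
"""Toy algebraic attack on a filtered LFSR by linearization (added example).

Constructed cipher: a length-8 Fibonacci LFSR with the primitive feedback
polynomial x^8 + x^4 + x^3 + x^2 + 1, filtered by f(s) = s0*s1 ^ s5.
Each keystream bit is a degree-2 polynomial in the 8 unknown initial-state
bits, so every degree-1/degree-2 monomial becomes one linearized unknown
(8 + 28 = 36) and one keystream bit yields one GF(2)-linear equation.
"""
from itertools import combinations

N = 8                    # LFSR length (toy size, chosen for this example)
TAPS = (0, 2, 3, 4)      # s[t+8] = s[t] ^ s[t+2] ^ s[t+3] ^ s[t+4]
MONOMIALS = [frozenset([i]) for i in range(N)] + \
            [frozenset(p) for p in combinations(range(N), 2)]
COL = {m: k for k, m in enumerate(MONOMIALS)}   # monomial -> column index
NV = len(MONOMIALS)                             # 36 linearized unknowns


def lfsr_step(state):
    """One clock. Works on concrete bits and on symbolic linear forms
    (bitmasks over x_0..x_7) alike, because the feedback is pure XOR."""
    new = 0
    for t in TAPS:
        new ^= state[t]
    return state[1:] + [new]


def keystream(seed, length):
    """Keystream from an 8-bit seed (list of 0/1) using f(s) = s0*s1 ^ s5."""
    state, out = list(seed), []
    for _ in range(length):
        out.append((state[0] & state[1]) ^ state[5])
        state = lfsr_step(state)
    return out


def filter_symbolic(state):
    """f applied to linear forms: the set of monomials of f(L^t x)."""
    poly = set()
    a, b, c = state[0], state[1], state[5]
    for i in range(N):
        for j in range(N):
            if (a >> i & 1) and (b >> j & 1):
                poly ^= {frozenset([i, j])}     # x_i*x_i == x_i over GF(2)
    for i in range(N):
        if c >> i & 1:
            poly ^= {frozenset([i])}
    return poly


def build_system(ks):
    """One row per keystream bit: monomial columns in bits 0..NV-1,
    the observed bit (right-hand side) in bit NV."""
    state = [1 << i for i in range(N)]          # x_i as a symbolic linear form
    rows = []
    for z in ks:
        mask = 0
        for m in filter_symbolic(state):
            mask |= 1 << COL[m]
        rows.append(mask | (z << NV))
        state = lfsr_step(state)
    return rows


def solve_gf2(rows):
    """Gauss-Jordan elimination over GF(2). Returns {column: value} for
    every unknown that the system determines uniquely."""
    rows, r, pivots = list(rows), 0, {}
    for col in range(NV):
        p = next((i for i in range(r, len(rows)) if rows[i] >> col & 1), None)
        if p is None:
            continue                            # free column: not determined
        rows[r], rows[p] = rows[p], rows[r]
        for i in range(len(rows)):
            if i != r and rows[i] >> col & 1:
                rows[i] ^= rows[r]
        pivots[col] = r
        r += 1
    unknowns = (1 << NV) - 1
    return {col: (rows[i] >> NV) & 1
            for col, i in pivots.items() if (rows[i] & unknowns) == 1 << col}


def recover_seed(ks):
    """The attack: read the 8 degree-1 unknowns off the solved system."""
    sol = solve_gf2(build_system(ks))
    return [sol[COL[frozenset([i])]] for i in range(N)]


if __name__ == "__main__":
    secret = [1, 0, 1, 1, 0, 0, 1, 0]           # constructed secret seed
    ks = keystream(secret, 48)                  # 48 consecutive bits, 36 unknowns
    print("recovered:", recover_seed(ks), "matches:", recover_seed(ks) == secret)
```

With 36 or more consecutive keystream bits the system has full rank and the seed comes back exactly. The point to take from it is the cost model: the number of linearized unknowns is the number of monomials up to the degree of the relation, roughly C(n, d) for an n-bit state and degree d, and the Gaussian elimination over them is what the paper partially replaces by a Berlekamp-Massey-style step when the known bits are consecutive. For a filter of high degree the first step in practice is to find a low-degree multiplier g with f*g of low degree, as in [10, 11]; the toy skips that because its filter is already quadratic.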
Similar sources
Algebraic Attacks on Stream Ciphers (survey)
Most stream ciphers based on linear feedback shift registers (LFSRs) are vulnerable to recent algebraic attacks. In this survey paper, we describe generic attacks: existence of algebraic equations and fast algebraic attacks. The generic attacks only state the existence and give the upper bound of the complexity. Thus we should find good algebraic equations, case by case, in order to apply the ...
Combining Certain Nonlinear Feedback Shift Registers
Stream ciphers that deploy linear feedback shift registers (LFSRs) have been shown to be vulnerable under fast correlation attacks [20], [21], [14], algebraic attacks [7], [28], fast algebraic attacks [6], [1], and fault attacks [13]. We discuss certain nonlinear feedback shift registers (NLFSRs) recommended as substitutes for LFSRs in stream cipher systems.
Analysis of Lightweight Stream Ciphers
Stream ciphers are fast cryptographic primitives to provide confidentiality of electronically transmitted data. They can be very suitable in environments with restricted resources, such as mobile devices or embedded systems. Practical examples are cell phones, RFID transponders, smart cards or devices in sensor networks. Besides efficiency, security is the most important property of a stream ci...
Algebraic Attacks on Combiners with Memory and Several Outputs
Algebraic attacks on stream ciphers [9] recover the key by solving an overdefined system of multivariate equations. Such attacks can break several interesting cases of LFSR-based stream ciphers, when the output is obtained by a Boolean function, see [9–11]. Recently this approach has been successfully extended also to combiners with memory, provided the number of memory bits is small, see [1, ...
An Analysis of the RC4 Family of Stream Ciphers against Algebraic Attacks
To date, most applications of algebraic analysis and attacks on stream ciphers are on those based on linear feedback shift registers (LFSRs). In this paper, we extend algebraic analysis to non-LFSR based stream ciphers. Specifically, we perform an algebraic analysis on the RC4 family of stream ciphers, an example of stream ciphers based on dynamic tables, and investigate its implications to pot...