Algebraic Attacks on SOBER-t32 and SOBER-t16 without Stuttering
نویسندگان
چکیده
This paper presents algebraic attacks on SOBER-t32 and SOBER-t16 without stuttering. For unstuttered SOBER-t32, two different attacks are implemented. In the first attack, we obtain multivariate equations of degree 10. Then, an algebraic attack is developed using a collection of output bits whose relation to the initial state of the LFSR can be described by low-degree equations. The resulting system of equations contains 2 equations and monomials, which can be solved using the Gaussian elimination with the complexity of 2. For the second attack, we build a multivariate equation of degree 14. We focus on the property of the equation that the monomials which are combined with output bit are linear. By applying the Berlekamp-Massey algorithm, we can obtain a system of linear equations and the initial states of the LFSR can be recovered. The complexity of attack is around O(2) with 2 keystream observations. The second algebraic attack is applicable to SOBER-t16 without stuttering. The attack takes around O(2) CPU clocks with 2 keystream observations.
منابع مشابه
Distinguishing Attacks on SOBER-t16 and t32
Two ways of mounting distinguishing attacks on two similar stream ciphers, SOBER-t16 and SOBER-t32, are proposed. It results in distinguishing attacks faster than exhaustive key search on full SOBERt16 and on SOBER-t32 without stuttering.
متن کاملCryptanalysis of SOBER-t32
Sober-t32 is a candidate stream cipher in the NESSIE competition. Some new attacks are presented in this paper. A Guess and Determine attack is mounted against Sober-t32 without the decimation of the key stream by the so-called stuttering phase. Also, two distinguishing attacks are mounted against full Sober-t32. These attacks are not practically feasible, but they are theoretically more effici...
متن کاملNew Results on Cryptanalysis of Stream Ciphers
Stream ciphers are cryptographic primitives that ensure the confidentiality of communications. In this thesis, we study several attacks on stream ciphers. For practical applications, the candidates of stream ciphers of NESSIE and eSTREAM projects are scrutinized. Firstly, the algebraic attacks on SOBER-t32 and SOBER-t16 stream ciphers are performed under the assumption that the stuttering phase...
متن کاملThe t-Class of SOBER Stream Ciphers
This paper proposes the t-class of SOBER stream ciphers: t8, t16 and t32. t8, t16 and t32 offer 64-, 128and 256-bit key strength respectively. The t-class ciphers are based on the same principles as the original SOBER family: SOBER [17], SOBER-II [18], S16 and S32 [19], utilising the structure SOBER-II and S16 are based. The t-class ciphers are software stream ciphers designed for software impl...
متن کاملLinearity Properties of the SOBER-t32 Key Loading
In the course of the evaluation of the stream cipher SOBER-t32 submitted to NESSIE, a correlation between initial states has been found for related keys. With high probability some sums of bits of the initial state after key loading do not change their value when a bit of the key is inverted. This holds also for the loading of frame keys. It is shown that the required condition for the frame ke...
متن کامل