A Practical Cryptanalysis of SSC2

نویسندگان

  • Philip Hawkes
  • Frank Quick
  • Gregory G. Rose
چکیده

SSC2 is a stream cipher that operates by XORing the output of two \half-ciphers". The rst half-cipher is constructed from a linear feedback shift register (LFSR) with a non-linear lter. The second half-cipher is constructed from a lagged Fibonacci generator (LFG) and a multiplexor that chooses values from the Fibonacci register. The second half-cipher has a small cycle length 2. By XORing the key-stream at an interval of words, the e ects of the LFR half-cipher are cancelled, leaving only the XOR of outputs of the LFSR half-cipher. Fast correlation attacks can derive the initial state of the LFSR from around 2 words of this sequence using a few hours of computation. The output of the LFSR halfcipher is then removed from the key-stream, leaving the output of the LFR half-cipher. The initial state of the LFG is obtained by identifying when the multiplexor has selected speci c words in the LFG register (this process typically takes around a second, using around 15300 outputs).

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Biclique Cryptanalysis of Block Ciphers LBlock and TWINE-80 with Practical Data Complexity

In the biclique attack, a shorter biclique usually results in less data complexity, but at the expense of more computational complexity. The early abort technique can be used in partial matching part of the biclique attack in order to slightly reduce the computations. In this paper, we make use of this technique, but instead of slight improvement in the computational complexity, we keep the amo...

متن کامل

Extension of Cube Attack with Probabilistic Equations and its Application on Cryptanalysis of KATAN Cipher

Cube Attack is a successful case of Algebraic Attack. Cube Attack consists of two phases, linear equation extraction and solving the extracted equation system. Due to the high complexity of equation extraction phase in finding linear equations, we can extract nonlinear ones that could be approximated to linear equations with high probability. The probabilistic equations could be considered as l...

متن کامل

A new method for accelerating impossible differential cryptanalysis and its application on LBlock

Impossible differential cryptanalysis, the extension of differential cryptanalysis, is one of the most efficient attacks against block ciphers. This cryptanalysis method has been applied to most of the block ciphers and has shown significant results. Using structures, key schedule considerations, early abort, and pre-computation are some common methods to reduce complexities of this attack. In ...

متن کامل

Impossible Differential Cryptanalysis on Deoxys-BC-256

Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...

متن کامل

The drop height determines neuromuscular adaptations and changes in jump performance in stretch-shortening cycle training.

There is an ongoing discussion about how to improve jump performance most efficiently with plyometric training. It has been proposed that drop height influences the outcome, although longitudinal studies are missing. Based on cross-sectional drop jump studies showing height-dependent Hoffmann (H)-reflex activities, we hypothesized that the drop height should influence the neuromuscular activity...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2001