Distinguishing Attacks on T-Functions
Authors
Abstract
Klimov and Shamir proposed a new class of simple cryptographic primitives named T-functions. For two concrete proposals based on the squaring operation, a single word T-function and a previously unbroken multi-word T-function with a 256-bit state, we describe an efficient distinguishing attack having a 2 data complexity. Furthermore, Hong et al. recently proposed two fully specified stream ciphers, consisting of multi-word T-functions with 128-bit states and filtering functions. We describe distinguishing attacks having a 2 and a 2 data complexity, respectively. The attacks have been implemented.
Similar resources
Cryptanalysis of some first round CAESAR candidates
AES_CMCCv₁, AVALANCHEv₁, CLOCv₁, and SILCv₁ are four candidates of the first round of CAESAR. CLOCv₁ is presented in FSE 2014 and SILCv₁ is designed upon it with the aim of optimizing the hardware implementation cost. In this paper, structural weaknesses of these candidates are studied. We present distinguishing attacks against AES_CMCCv₁ with the complexity of two queries and the success ...
Boolean Functions: Cryptography and Applications
In this paper theoretical aspects of multidimensional linear distinguishing attacks are investigated. Using known examples of highly nonlinear Boolean functions we demonstrate how multidimensional linear approximations offer significant reduction in data complexity in distinguishing attacks. We also get concrete examples where one-dimensional linear approximations are never statistically indepe...
On the Impact of Known-Key Attacks on Hash Functions
Hash functions are often constructed based on permutations or blockciphers, and security proofs are typically done in the ideal permutation or cipher model. However, once these random primitives are instantiated, vulnerabilities of these instantiations may nullify the security. At ASIACRYPT 2007, Knudsen and Rijmen introduced known-key security of blockciphers, which gave rise to many distingui...
A Comprehensive Security Analysis of the TUAK Algorithm Set
The authentication and key generation functions play a significant role to guarantee security and privacy in cellular mobile communications. MILENAGE is a set of authentication and key generation functions proposed by the 3rd Generation Partnership Project (3GPP). Most recently, the 3GPP Task Force proposed a new set of authentication and key generation functions, called TUAK, as an alternative f...
A Related-Key Chosen-IV Distinguishing Attack on Full Sprout Stream Cipher
Sprout is a new lightweight stream cipher proposed at FSE 2015. According to its designers, Sprout can resist time-memory-data trade-off (TMDTO) attacks with small internal state size. However, we find a weakness in the updating functions of Sprout and propose related-key chosen-IV distinguishing attacks on full Sprout. Under the related-key setting, our attacks enable the adversary to detect...