Differential Attacks against the Helix Stream Cipher
نویسنده
چکیده
In this paper, we analyze the security of the stream cipher Helix, recently proposed at FSE’03. Helix is a high-speed asynchronous stream cipher, with a built-in MAC functionality. We analyze the differential properties of its keystream generator and describe two new attacks. The first attack requires 2 basic operations and processes only 2 words of chosen plaintext in order to recover the secret key for any length up to 256 bits. However, it assumes the attacker can force nonces to be used twice. Our second attack relies on weaker assumptions. It is a distinguishing attack that detects internal state collisions after 2 words of chosen plaintext.
منابع مشابه
Differential-Linear Attacks against the Stream
The previous key recovery attacks against Helix obtain the key with about 2 operations using chosen nonces (reusing nonce) and about 1000 adaptively chosen plaintext words (or 2 chosen plaintext words). The stream cipher Phelix is the strengthened version of Helix. In this paper we apply the differential-linear cryptanalysis to recover the key of Phelix. With 2 chosen nonces and 2 chosen plaint...
متن کاملDifferential-Linear Attacks Against the Stream Cipher Phelix
The previous key recovery attacks against Helix obtain the key with about 2 operations using chosen nonces (reusing nonce) and about 1000 adaptively chosen plaintext words (or 2 chosen plaintext words). The stream cipher Phelix is the strengthened version of Helix. In this paper we apply the differential-linear cryptanalysis to recover the key of Phelix. With 2 chosen nonces and 2 chosen plaint...
متن کاملTotal break of Zorro using linear and differential attacks
An AES-like lightweight block cipher, namely Zorro, was proposed in CHES 2013. While it has a 16-byte state, it uses only 4 S-Boxes per round. This weak nonlinearity was widely criticized, insofar as it has been directly exploited in all the attacks on Zorro reported by now, including the weak key, reduced round, and even full round attacks. In this paper, using some properties discovered by Wa...
متن کاملSide-Channel Analysis of the K2 Stream Cipher
In this paper we provide the first side-channel analysis of the K2 stream cipher. K2 is a fast and secure stream cipher built upon the strengths of SNOW 2.0. We apply timing attacks, power analysis, and differential fault analysis to K2. We show that naively implemented K2 is vulnerable to cache-timing attacks, and describe how to implement efficient countermeasures to protect K2 against side-c...
متن کاملFault Analysis of the ChaCha and Salsa Families of Stream Ciphers
We present a fault analysis study of the ChaCha and Salsa families of stream ciphers. We first show that attacks like differential fault analysis that are common in the block cipher setting are not applicable against these families of stream ciphers. Then we propose two novel fault attacks that can be used against any variant of the ciphers. We base our attacks on two different fault models: th...
متن کامل