Linear Approximations for 2-round Trivium
Authors
Abstract
Trivium, designed by De Cannière and Preneel, is one of the focus ciphers of Phase II for the eSTREAM project. In this paper, we model the initialization part of Trivium as an 8-round function where each round consists of 144 Trivium clocks, and analyze the security margin in terms of number of rounds. This is an open question. Nevertheless, we give some partial answers. As one example, we apply Matsui’s linear cryptanalysis to 2-round Trivium and give a linear approximation with bias 2^{-31}. In addition, we analyze the completeness property of the initialization function. We propose a new input to the initialization of Trivium that has better diffusion properties. However, the security margin of the new proposal is also an open question. We conjecture that an R-round Trivium is secure if each register bit is affected by all the key and IV bits in R rounds.
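The completeness property in the abstract can be explored with a structural dependency tracker. The following is an added example, not code from the paper or its authors. It assumes the state-update taps and key/IV loading of the public Trivium specification, which this page does not reproduce, and all function names are hypothetical. Because XOR and AND are both treated as set union, the result is an upper bound on true dependence, so it shows only when completeness becomes possible, not that it holds.

```python
# Added example: which key/IV bits can structurally reach each state bit
# after r rounds of 144 clocks. Taps are assumed from the public Trivium spec.
ROUND_CLOCKS = 144                      # one round, as defined in the abstract
KEY_BITS = IV_BITS = 80
ALL_INPUTS = (1 << (KEY_BITS + IV_BITS)) - 1

def initial_deps():
    """Dependency bitmask for s1..s288 (list index 0..287) right after loading."""
    deps = [0] * 288                    # constant bits depend on nothing
    for i in range(KEY_BITS):           # s1..s80 hold the key bits
        deps[i] = 1 << i
    for i in range(IV_BITS):            # s94..s173 hold the IV bits
        deps[93 + i] = 1 << (KEY_BITS + i)
    return deps

def clock(deps):
    """One state update; XOR and AND both become union (over-approximation)."""
    s = lambda n: deps[n - 1]           # 1-based indices, as in the spec
    t1 = s(66) | s(93) | s(91) | s(92) | s(171)
    t2 = s(162) | s(177) | s(175) | s(176) | s(264)
    t3 = s(243) | s(288) | s(286) | s(287) | s(69)
    # Three shift registers of length 93, 84 and 111.
    return [t3] + deps[0:92] + [t1] + deps[93:176] + [t2] + deps[177:287]

def coverage_by_round(max_rounds=8):
    """Rows of (round, fewest inputs reaching any bit, number of complete bits)."""
    deps, rows = initial_deps(), []
    for r in range(max_rounds + 1):
        counts = [bin(d).count("1") for d in deps]
        rows.append((r, min(counts), sum(d == ALL_INPUTS for d in deps)))
        for _ in range(ROUND_CLOCKS):
            deps = clock(deps)
    return rows

def first_complete_round(max_rounds=8):
    """First round after which every state bit is reachable from all 160 inputs."""
    for r, _, complete in coverage_by_round(max_rounds):
        if complete == 288:
            return r
    return None

if __name__ == "__main__":
    for r, fewest, complete in coverage_by_round():
        print(f"round {r}: min inputs per bit = {fewest:3d}, "
              f"complete bits = {complete:3d}/288")
```

A round count below the one reported by `first_complete_round()` cannot satisfy the condition in the conjecture, since some register bit is then provably independent of at least one key or IV bit.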
Similar resources
Quavium - A New Stream Cipher Inspired by Trivium
This paper is concerned with an extensive form of stream cipher Trivium. Trivium is extended to a scalable form by the coupling connection of Trivium-like shift registers. The characteristic polynomial of k Trivium-like shift registers in coupling connection is proved to have a factor of (1+x). So k-order primitive polynomials are defined in this paper. As the main contribution, a new stream ci...
On the multi _ chi-square tests and their data complexity
Chi-square tests are generally used for distinguishing purposes; however when they are combined to simultaneously test several independent variables, extra notation is required. In this study, the chi-square statistics in some previous works is revealed to be computed half of its real value. Therefore, the notion of Multi _ Chi-square tests is formulated to avoid possible future confusions. In ...
Linear Sequential Circuit Approximation of Grain and Trivium Stream Ciphers
Grain and Trivium are two hardware oriented synchronous stream ciphers proposed as the simplest candidates to the ECRYPT Stream Cipher Project, both dealing with 80-bit secret keys. In this paper we apply the linear sequential circuit approximation method to evaluate the strength of these stream ciphers against distinguishing attack. In this approximation method which was initially introduced b...
Cube Testers and Key Recovery Attacks on Reduced-Round MD6 and Trivium
CRYPTO 2008 saw the introduction of the hash function MD6 and of cube attacks, a type of algebraic attack applicable to cryptographic functions having a low-degree algebraic normal form over GF(2). This paper applies cube attacks to reduced round MD6, finding the full 128-bit key of a 14-round MD6 with complexity 2 (which takes less than a minute on a single PC). This is the best key recovery a...
Linear Sequential Circuit Approximation of the TRIVIUM Stream Cipher
Abstract TRIVIUM is the simplest ECRYPT Stream Cipher project Candidate which deals with key and IV of length 80. Using the sequential Circuit Approximation method, introduced by Golic in 94, we derive a linear function of consecutive keystream bits which is hold with correlation coefficient of about 2. This shows that TRIVIUM is strong against linear sequential circuit approximation attack in ...