Cryptanalysis of Stream Cipher COS(2, 128) Mode I
نویسندگان
چکیده
Filiol and Fontaine recently proposed a family of stream ciphers named COS. COS is based on nonlinear feedback shift registers and was claimed to be highly secure. Babbage showed that COS (2, 128) Mode II is extremely weak. But Babbage’s attack is very expensive to break the COS (2, 128) Mode I (the complexity is around 2). In this paper, we show that the COS (2, 128) Mode I is very weak. Secret information could be recovered easily with about 2-bit known plaintext.
منابع مشابه
Cryptanalysis of the COS (2, 128) Stream Ciphers
A new family of very fast stream ciphers called COS (for “crossing over system”) has been proposed by Filiol and Fontaine, and seems to have been adopted for at least one commercial standard. COS(2,128) Mode I and COS(2,128) Mode II are particular members of this family for which the authors proposed a cryptanalysis challenge. The ciphers accept secret keys of 256, 192 or 128 bits. In this note...
متن کاملA New Ultrafast Stream Cipher Design: COS Ciphers
This paper presents a new stream cipher family whose output bits are produced by blocks. We particularly focus on the member of this family producing 128-bit blocks with a 256-bit key. The design is based on a new technique called crossing over which allows to vectorize stream ciphering by using nonlinear shift registers. These algorithms offer a very high cryptographic security and much higher...
متن کاملCryptanalysis of Hiji-bij-bij (HBB)
In this paper, we show several known-plaintext attacks on the stream cipher HBB which was proposed recently at INDOCRYPT 2003. The cipher can operate either as a classical stream cipher in the “B mode” or as an asynchronous stream cipher in the “SS mode”. In the case of the SS mode, we present known-plaintext attacks recovering 128-bit key with the complexity 2 and 256-bit key with the complexi...
متن کاملCryptanalysis of Pomaranch
Pomaranch [3] is a synchronous stream cipher submitted to eSTREAM, the ECRYPT Stream Cipher Project. The cipher is constructed as a cascade clock control sequence generator, which is based on the notion of jump registers. In this paper we present an attack which exploits the cipher's initialization procedure to recover the 128-bit secret key. The attack requires around 2 computations. An improv...
متن کاملEnhanced Cryptanalysis of Substitution Cipher Chaining mode (SCC-128)
In this paper, we present an enhanced cryptanalysis of the Substitution Cipher Chaining mode (SCC) [1]. In [2], SCC-128 (SCC which uses AES with 128-bit key) was broken using 5 attacks, where the authors used an active attack model (where the attacker can force the disk encryption application to re-encrypt a sector for her), the complexity of these attacks are at most 2 cipher executions. In th...
متن کامل