Cryptanalysis of Sosemanuk and SNOW 2.0 Using Linear Masks

In this paper, we present a correlation attack on Sosemanuk with complexity less than 2. Sosemanuk is a software oriented stream cipher proposed by Berbain et al. to the eSTREAM call for stream cipher and has been selected in the final portfolio. Sosemanuk consists of a linear feedback shift register(LFSR) of ten 32-bit words and a finite state machine(FSM) of two 32-bit words. By combining linear approximation relations regarding the FSM update function, the FSM output function and the keystream output function, it is possible to derive linear approximation relations with correlation −2−21.41 involving only the keystream words and the LFSR initial state. Using such linear approximation relations, we mount a correlation attack with complexity 2 and success probability 99% to recover the initial internal state of 384 bits. We also mount a correlation attack on SNOW 2.0 with complexity 2.