Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers
نویسندگان
چکیده
In 1980 Hellman introduced a general technique for breaking arbitrary block ciphers with N possible keys in time T and memory M related by the tradeoff curve TM = N for 1 ≤ T ≤ N . Recently, Babbage and Golic pointed out that a different TM = N tradeoff attack for 1 ≤ T ≤ D is applicable to stream ciphers, where D is the amount of output data available to the attacker. In this paper we show that a combination of the two approaches has an improved time/memory/data tradeoff for stream ciphers of the form TMD = N for any D ≤ T ≤ N . In addition, we show that stream ciphers with low sampling resistance have tradeoff attacks with fewer table lookups and a wider choice of parameters.
منابع مشابه
Cryptanalytic Time-Memory-Data Tradeoffs for FX-Constructions with Applications to PRINCE and PRIDE
The FX-construction was proposed in 1996 by Kilian and Rogaway as a generalization of the DESX scheme. The construction increases the security of an n-bit core block cipher with a κ-bit key by using two additional n-bit masking keys. Recently, several concrete instances of the FX-construction were proposed, including PRINCE (proposed at Asiacrypt 2012) and PRIDE (proposed at CRYPTO 2014). These...
متن کاملStream ciphers and the eSTREAM project
Stream ciphers are an important class of symmetric cryptographic algorithms. The eSTREAM project contributed significantly to the recent increase of activity in this field. In this paper, we present a survey of the eSTREAM project. We also review recent time/memory/data and time/memory/key trade-offs relevant for the generic attacks on stream ciphers.
متن کاملCryptanalytic Time/memory/data Tradeoos for Stream Ciphers
In 1980 Hellman introduced a general technique for breaking arbitrary block ciphers with N possible keys in time T and memory M related by the tradeoo curve T M 2 = N 2 for 1 T N. Recently, Babbage and Golic pointed out that a diierent T M = N tradeoo attack for 1 T D is applicable to stream ciphers, where D is the amount of output data available to the attacker. In this paper we show that a co...
متن کاملReal Time Cryptanalysis of Bluetooth Encryption with Condition Masking - (Extended Abstract)
The Bluetooth standard authorized by IEEE 802.15.1 adopts the two-level E0 stream cipher to protect short range privacy in wireless networks. The best published attack on it at Crypto 2005 requires 2 on-line computations, 2 off-line computations and 2 memory (which amount to about 19-hour, 37-hour and 64GB storage in practice) to restore the original encryption key, given the first 24 bits of 2...
متن کاملLinearisation Attacks on FCSR-based Stream Ciphers
This paper presents a new class of cryptanalytic attacks, which are applicable against those binary additive synchronous stream ciphers, whose analysis theory is based on the properties of 2-adic numbers. These attacks are named as ‘Linearisation Attacks’. Linearisation attacks consist of three variants, which are referred as ‘Conventional Linearisation Attacks (CLAs)’, ‘Fast Linearisation Atta...
متن کامل