A practical state recovery attack on the stream cipher Sablier v1
نویسندگان
چکیده
Sablier is an authenticated encryption cipher submitted to the CAESAR competition, which is composed of the encryption Sablier v1 and the authentication Au. In this work we present a state recovery attack against the encryption Sablier v1 with time complexity about 2 operations and data complexity about 24 of 16-bit keywords. Our attack is practical in the workstation. It is noticed that the update of the internal state of Sablier v1 is invertible, thus our attack can further deduce a key recovery attack and a forgery attack against the authenticated encryption Sablier. The result shows that Sablier v1 is far from the goal of its security design (80-bit level).
منابع مشابه
Fast Near Collision Attack on the Grain v1 Stream Cipher
Grain v1 is one of the 7 finalists selected in the final portfolio by the eSTREAM project. It has an elegant and compact structure, especially suitable for a constrained hardware environment. Though a number of potential weaknesses have been identified, no key recovery attack on the original design in the single key model has been found yet. In this paper, we propose a key recovery attack, call...
متن کاملSome Results on Sprout
Sprout is a lightweight stream cipher proposed by Armknecht and Mikhalev at FSE 2015. It has a Grain-like structure with two State Registers of size 40 bits each, which is exactly half the state size of Grain v1. In spite of this, the cipher does not appear to lose in security against generic Time-MemoryData Tradeoff attacks due to the novelty of its design. In this paper, we first present impr...
متن کاملCryptanalysis of the Stream Cipher ABC v2
ABC v2 is a software-efficient stream cipher with 128-bit key. In this paper, we apply a fast correlation attack to break ABC v2 with weak keys. There are about 2 weak keys in ABC v2. The complexity to identify a weak key and to recover the internal state of a weak key is low: identifying one weak key from about 2 random keys requires 6460 keystream bytes and 2 operations for each random key. R...
متن کاملCryptanalysis of Grain using Time / Memory / Data Tradeoffs
Grain is a hardware-oriented stream cipher designed by Hell et al., which has been selected as one of three hardware portfolio ciphers by eSTREAM, the ECRYPT Stream Cipher Project. Time / memory / data tradeoffs are a class of generic attacks used to invert general one-way functions. We show that Grain has a low resistance to so-called BSWsampling, leading to generic tradeoffs that in the activ...
متن کاملDifferential Fault Attack on Grain v1, ACORN v3 and Lizard
Differential Fault Attack (DFA) is presently a very well known technique to evaluate security of a stream cipher. This considers that the stream cipher can be weakened by injection of the fault. In this paper we study DFA on three ciphers, namely Grain v1, Lizard and ACORN v3. We show that Grain v1 (an eStream cipher) can be attacked with injection of only 5 faults instead of 10 that has been r...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2014 شماره
صفحات -
تاریخ انتشار 2014