A Byte-Based Guess and Determine Attack on SOSEMANUK
نویسندگان
چکیده
SOSEMANUK is a software-oriented stream cipher proposed by C. Berbain et al for the eSTREAM project and has been selected into the final portfolio. It is noticed that most components of SOSEMANUK can be calculated byte-oriented. Hence an attacker can observe SOSEMANUK from the view of byte units instead of the original 32-bit word units. Based on the above idea, in this work we present a new byte-based guess and determine attack on SOSEMANUK, where we view a byte as a basic data unit and guess some certain bytes of the internal states instead of the whole 32-bit words during the execution of the attack. Surprisingly, our attack only needs a few words of known key stream to recover all the internal states of SOSEMANUK, and the time complexity can be dramatically reduced to O(2). Since SOSEMANUK has a key with the length varying from 128 to 256 bits, our results show that when the length of an encryption key is larger than 176 bits, our guess and determine attack is more efficient than an exhaustive key search.
منابع مشابه
New Treatment of the BSW Sampling and Its Applications to Stream Ciphers
By combining the time-memory-data tradeoff (TMDTO) attack independently proposed by Babbage and Golić (BG) with the BSW sampling technique, this paper explores to mount a new TMDTO attack on stream ciphers. The new attack gives a wider variety of trade-offs, compared with original BG-TMDTO attack. It is efficient when multiple data is allowed for the attacker from the same key with different IV...
متن کاملOn the computational complexity of finding a minimal basis for the guess and determine attack
Guess-and-determine attack is one of the general attacks on stream ciphers. It is a common cryptanalysis tool for evaluating security of stream ciphers. The effectiveness of this attack is based on the number of unknown bits which will be guessed by the attacker to break the cryptosystem. In this work, we present a relation between the minimum numbers of the guessed bits and uniquely restricted...
متن کاملDifferential Fault Analysis of Sosemanuk
Sosemanuk is a software-based stream cipher which supports a variable key length of either 128 or 256 bits and 128-bit initial values. It has passed all three stages of the ECRYPT stream cipher project and is a member of the eSTREAM software portfolio. In this paper, we present a fault analysis attack on Sosemanuk. The fault model in which we analyze the cipher is the one in which the attacker ...
متن کاملبهبود حمله حدس و تعیین اکتشافی به سامانه های رمز جریانی TIPSY و SNOW1.0
Guess and determine attacks are general attacks on stream ciphers. These attacks are classified into ad-hoc and Heuristic Guess and Determine (HGD) attacks. One of the Advantages of HGD attack algorithm over ad-hoc attack is that it is designed algorithmically for a large class of stream ciphers while being powerful. In this paper, we use auxiliary polynomials in addition to the original equati...
متن کاملImproved Linear Cryptanalysis of SOSEMANUK
The SOSEMANUK stream cipher is one of the finalists of the eSTREAM project. In this paper, we improve the linear cryptanalysis of SOSEMANUK presented in Asiacrypt 2008. We apply the generalized linear masking technique to SOSEMANUK and derive many linear approximations holding with the correlations of up to 2−25.5. We show that the data complexity of the linear attack on SOSEMANUK can be reduce...
متن کامل