Paul Stankovski scite author profile

Abstract. We present the concept of greedy distinguishers and show how some simple observations and the well known greedy heuristic can be combined into a very powerful strategy (the Greedy Bit Set Algorithm) for efficient and systematic construction of distinguishers and nonrandomness detectors. We show how this strategy can be applied to a large array of stream and block ciphers, and we show that our method outperforms every other method we have seen so far by presenting new and record-breaking results for Trivium, Grain-128 and Grain v1. We show that the greedy strategy reveals weaknesses in Trivium reduced to 1026 (out of 1152) initialization rounds using 2 45 complexity -a result that significantly improves all previous efforts. This result was further improved using a cluster; 1078 rounds at 2 54 complexity. We also present an 806-round distinguisher for Trivium with 2 44 complexity. Distinguisher and nonrandomness records are also set for Grain-128. We show nonrandomness for the full Grain-128 with its 256 (out of 256) initialization rounds, and present a 246-round distinguisher with complexity 2 42 . For Grain v1 we show nonrandomness for 96 (out of 160) initialization rounds at the very modest complexity of 2 7 , and a 90-round distinguisher with complexity 2 39 . On the theoretical side we define the Nonrandomness Threshold, which explicitly expresses the nature of the randomness limit that is being explored.

show abstract

Coded-BKW: Solving LWE Using Lattice Codes

Guo

Johansson

Stankovski

2015

View full text Add to dashboard Cite

Coded-BKW with Sieving

Guo

Johansson

Mårtensson

et al. 2017

View full text Add to dashboard Cite

Improved distinguishers for HC-128

Stankovski

Ruj

Hell

et al. 2011

Des. Codes Cryptogr.

View full text Add to dashboard Cite

HC-128 is an eSTREAM final portfolio stream cipher. Several authors have investigated its security and, in particular, distinguishing attacks have been considered. Still, no one has been able to provide a distinguisher stronger than the one presented by Wu in the original HC-128 paper. In this paper we first argue that the keystream requirement in Wu's original attack is underestimated by a factor of almost 2 8 . Our revised analysis shows that the keystream complexity of Wu's original attack is 2 160.471 32-bit keystream blocks. We then go on to investigate two new types of distinguishers on HC-128. One of them, a distinguisher counting the number of zeros in created blocks of bits, gives a biased distribution that requires 2 143.537 such constructed block samples (2 152.537 32-bit keystream blocks). For fairness, the same metric is used to compare our attack to Wu's, and our improvement is significant compared to Wu's original result. Furthermore, the vector-based methodology used is general and can be applied to any cryptographic primitive that reveals a suitable probability distribution.

show abstract

An Efficient State Recovery Attack on X-FCSR-256

Stankovski

Hell

Johansson

2009

View full text Add to dashboard Cite

Improved Greedy Nonrandomness Detectors for Stream Ciphers

Karlsson

Hell

Stankovski

2017

View full text Add to dashboard Cite

Abstract:We consider the problem of designing distinguishers and nonrandomness detectors for stream ciphers using the maximum degree monomial test. We construct an improved algorithm to determine the subset of key and IV-bits used in the test. The algorithm is generic, and can be applied to any stream cipher. In addition to this, the algorithm is highly tweakable, and can be adapted depending on the desired computational complexity. We test the algorithm on the stream ciphers Grain-128a and Grain-128, and achieve significantly better results compared to an earlier greedy approach.

show abstract

12 3

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Paul Stankovski

A Key Recovery Attack on MDPC with CCA Security Using Decoding Errors

A Reaction Attack on the QC-LDPC McEliece Cryptosystem

Greedy Distinguishers and Nonrandomness Detectors

Coded-BKW: Solving LWE Using Lattice Codes

Coded-BKW with Sieving

Improved distinguishers for HC-128

An Efficient State Recovery Attack on X-FCSR-256

Improved Greedy Nonrandomness Detectors for Stream Ciphers

Contact Info

Product

Resources

About