Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers

Fischer, Simon; Khazaei, Shahram; Meier, Willi

doi:10.1007/978-3-540-68164-9_16

Cited by 66 publications

(61 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In the second part of our work we try to shed some light in this direction in a more systematic way. The recently proposed cube attack by Dinur and Shamir [4], which has a strong connection to [7] and the present work, also includes some systematic procedure to find weak public variable bits.…”

Section: Introductionmentioning

confidence: 91%

“…al. [7] developed a method to recover the key faster than by exhaustive search in case F does not properly mix its input bits. The idea is to first identify some bits from C referred to as weak public variable bits and then to consider the coefficient of a monomial involving these weak bits in the algebraic normal form of F .…”

Section: Introductionmentioning

confidence: 99%

“…If this coefficient does not depend on all the unknown bits of K, or it weakly depends on some of them, it can be exploited in an attack. Having modeled the self-synchronizing stream ciphers as the above-mentioned general problem, we consider the T-function based self-synchronizing stream cipher proposed by Klimov and Shamir [8] and use the framework from [7] to deduce some information about the key bits through some striking relations. Finding the weak public variable bits was raised as a crucial open question in [7] which was done mostly by random search there.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

New Directions in Cryptanalysis of Self-Synchronizing Stream Ciphers

Khazaei

Meier

2008

Progress in Cryptology - INDOCRYPT 2008

Self Cite

View full text Add to dashboard Cite

Abstract. In cryptology we commonly face the problem of finding an unknown key K from the output of an easily computable keyed function F (C, K) where the attacker has the power to choose the public variable C. In this work we focus on self-synchronizing stream ciphers. First we show how to model these primitives in the above-mentioned general problem by relating appropriate functions F to the underlying ciphers. Then we apply the recently proposed framework presented at AfricaCrypt'08 by Fischer et. al. for dealing with this kind of problems to the proposed T-function based self-synchronizing stream cipher by Klimov and Shamir at FSE'05 and show how to deduce some non-trivial information about the key. We also open a new window for answering a crucial question raised by Fischer et. al. regarding the problem of finding weak IV bits which is essential for their attack.

show abstract

Section: Introductionmentioning

confidence: 91%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

New Directions in Cryptanalysis of Self-Synchronizing Stream Ciphers

Khazaei

Meier

2008

Progress in Cryptology - INDOCRYPT 2008

Self Cite

View full text Add to dashboard Cite

show abstract

“…The approach we use is similar to the one used in the attacks on the stream ciphers Trivium and Grain in [16]. However, while the results on Trivium and Grain were mostly obtained using simulations, our attack is based on theoretical analysis that combines algebraic and structural properties of Keccak in a novel way.…”

Section: Keystream Prediction For 9-round Keccakmentioning

confidence: 99%

“…However, while the results on Trivium and Grain were mostly obtained using simulations, our attack is based on theoretical analysis that combines algebraic and structural properties of Keccak in a novel way. This analysis enables us to estimate the complexity of the attack beyond the feasible region (in contrast to the simulation-based attack of [16]). …”

Section: Keystream Prediction For 9-round Keccakmentioning

confidence: 99%

Cube Attacks and Cube-Attack-Like Cryptanalysis on the Round-Reduced Keccak Sponge Function

Dinur

Morawiecki

Pieprzyk

et al. 2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper, we comprehensively study the resistance of keyed variants of SHA-3 (Keccak) against algebraic attacks. This analysis covers a wide range of key recovery, MAC forgery and other types of attacks, breaking up to 9 rounds (out of the full 24) of the Keccak internal permutation much faster than exhaustive search. Moreover, some of our attacks on the 6-round Keccak are completely practical and were verified on a desktop PC. Our methods combine cube attacks (an algebraic key recovery attack) and related algebraic techniques with structural analysis of the Keccak permutation. These techniques should be useful in future cryptanalysis of Keccak and similar designs. Although our attacks break more rounds than previously published techniques, the security margin of Keccak remains large. For Keyak -a Keccak-based authenticated encryption scheme -the nominal number of rounds is 12 and therefore its security margin is smaller (although still sufficient).

show abstract

Cube Attack

Videau

2011

Encyclopedia of Cryptography and Security

View full text Add to dashboard Cite

Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers

Cited by 66 publications

References 6 publications

New Directions in Cryptanalysis of Self-Synchronizing Stream Ciphers

New Directions in Cryptanalysis of Self-Synchronizing Stream Ciphers

Cube Attacks and Cube-Attack-Like Cryptanalysis on the Round-Reduced Keccak Sponge Function

Cube Attack

Contact Info

Product

Resources

About