In this paper, we analyze the security of a new stream cipher-COSvd(2,128). This cipher was proposed by E. Filiol et al. at the ECRYPT SASC'2004 (The State of the Art of Stream Ciphers). It uses clock-controlled non-linear feedback registers together with an S-box controlled by a chaotic sequence and was claimed to prevent any existing attacks. However, our analysis shows that there are some serious security flaws in the design of the S-box, resulting in heavy biased byte distribution in the keystream. In some broadcast applications, this flaw will cause a ciphertext-only attack with high success rate. Besides, there are also many security flaws in other parts of the cipher. We point out these flaws one by one and develop a divide-and-conquer attack to recover the secret keys from O(2 26 )-byte known plaintext with success rate 93.4597% and complexity O(2 113 ), which is much lower than 2 512 , the complexity of exhaustive search.Keywords: stream cipher, divide-and-conquer attack, non-linear feedback shift registers (NLFSR), chaotic sequence.From 1 st February of 2004, Europe launches the ECRYPT project, which collects lots of stream ciphers from all over the world. These new stream ciphers are unlike the traditional stream ciphers that use LFSRs as basic building blocks; instead they use more fashionable building blocks such as T-functions, non-linear feedback shift registers and random arrays. The aim of such a design is to frustrate the fast correlation attacks and algebraic attacks against LFSR-based stream ciphers, COSvd(2,128) [1] is such an example. It uses two NLFSRs and generates the driving sequence by clock-controlled method together with the so-called cross over mechanism, thus frustrating the direct applications of all kinds of general attacks on stream ciphers. Further, the attachment of a highly non-linear S-box conceals the driving sequence and makes the attacks [2][3][4] on lower version [5] invalid. On the other hand, according to the declaration of the designers, COSvd(2,128) was adopted by at least one commercial standard (the core algorithm in file system encryption software TURENEE). So far, there is only one literature [6]