Fast Correlation Attacks over Extension Fields, Large-Unit Linear Approximation and Cryptanalysis of SNOW 2.0

Zhang, Bin; Xu, Chao; Meier, Willi

doi:10.1007/978-3-662-47989-6_31

Cited by 27 publications

(50 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For SNOW 2.0, several distinguishing attacks and correlation attacks have been proposed [NW06,ZXM15]. The basic idea has been to approximate the FSM part through linear masking and then to cancel out the contributions of the registers by combining expressions for several keystream words.…”

Section: Linear Distinguishing Attacks and Correlation Attacksmentioning

confidence: 99%

A new SNOW stream cipher called SNOW-V

Ekdahl

Johansson

Maximov

et al. 2019

ToSC

View full text Add to dashboard Cite

In this paper we are proposing a new member in the SNOW family of stream ciphers, called SNOW-V. The motivation is to meet an industry demand of very high speed encryption in a virtualized environment, something that can be expected to be relevant in a future 5G mobile communication system. We are revising the SNOW 3G architecture to be competitive in such a pure software environment, making use of both existing acceleration instructions for the AES encryption round function as well as the ability of modern CPUs to handle large vectors of integers (e.g. SIMD instructions). We have kept the general design from SNOW 3G, in terms of linear feedback shift register (LFSR) and Finite State Machine (FSM), but both entities are updated to better align with vectorized implementations. The LFSR part is new and operates 8 times the speed of the FSM. We have furthermore increased the total state size by using 128-bit registers in the FSM, we use the full AES encryption round function in the FSM update, and, finally, the initialization phase includes a masking with key bits at its end. The result is an algorithm generally much faster than AES-256 and with expected security not worse than AES-256.

show abstract

Section: Linear Distinguishing Attacks and Correlation Attacksmentioning

confidence: 99%

A new SNOW stream cipher called SNOW-V

Ekdahl

Johansson

Maximov

et al. 2019

ToSC

View full text Add to dashboard Cite

show abstract

“…This new weakness leads to various severe attacks [13] on GOST. Similarly, our cryptographic sampling technique is applicable and it further threatens the security of the SNOW 2.0 cipher [22]. For general SNR ≥ 8 log 2, regardless of 2 L , when N ∼ 2 n , we choose appropriate b such that N = b · 2 .…”

Section: Applications and Experimental Resultsmentioning

confidence: 99%

Walsh Sampling with Incomplete Noisy Signals

Lu¹

2018

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

With the advent of massive data outputs at a regular rate, admittedly, signal processing technology plays an increasingly key role. Nowadays, signals are not merely restricted to physical sources, they have been extended to digital sources as well.Under the general assumption of discrete statistical signal sources, we propose a practical problem of sampling incomplete noisy signals for which we do not know a priori and the sampling size is bounded. We approach this sampling problem by Shannon's channel coding theorem. Our main results demonstrate that it is the large Walsh coefficient(s) that characterize(s) discrete statistical signals, regardless of the signal sources. By the connection of Shannon's theorem, we establish the necessary and sufficient condition for our generic sampling problem for the first time. Our generic sampling results find practical and powerful applications in not only statistical cryptanalysis, but software system performance optimization.

show abstract

“…Given that the confidentiality is a very crucial aspect in satellite communications, the encryption algorithms in the satellite phones should be strong enough to withstand various eavesdropping risks. In the mobile application scenario, several symmetric ciphers have been developed and adopted as cryptographic components for secure communications, e.g., A5, SNOW, and ZUC, and their security has been sufficiently evaluated in the past years [2][3][4][5][6][7][8]. However, the GMR cryptographic algorithms are not included in the officially published GMR standards, and the details of these satellite cipher algorithms were non-public until the German research team Driessen et al [9,10] uncovered the GMR-1 and the GMR-2 ciphers using reverse engineering in 2012.…”

Section: Backgrounds and The Gmr-2 Ciphermentioning

confidence: 99%

A real-time inversion attack on the GMR-2 cipher used in the satellite phones

Tang

2018

Sci. China Inf. Sci.

View full text Add to dashboard Cite

The GMR-2 cipher is a type of stream cipher currently being used in some inmarsat satellite phones. It has been proven that such a cipher can be cracked using only one single-frame (15 bytes) known keystream but with moderate executing time. In this paper, we present a new thorough security analysis of the GMR-2 cipher. We first study the inverse properties of the cipher's components to reveal a bad one-way character of the cipher. By then introducing a new concept called "valid key chain" according to the cipher's key schedule, we propose an unprecedented real-time inversion attack using a single-frame keystream. This attack comprises three phases: (1) table generation; (2) dynamic table look-up, filtration and combination; and (3) verification. Our analysis shows that, using the proposed attack, the size of the exhaustive search space for the 64-bit encryption key can be reduced to approximately 2 13 when a single-frame keystream is available. Compared with previous known attacks, this inversion attack is much more efficient. Finally, the proposed attack is carried out on a 3.3-GHz PC, and the experimental results thus obtained demonstrate that the 64-bit encryption-key could be recovered in approximately 0.02 s on average. Keywords satellite phone, stream cipher, GMR-2, cryptanalysis, inversion attack Citation Hu J, Li R L, Tang C J. A real-time inversion attack on the GMR-2 cipher used in the satellite phones.

show abstract

Fast Correlation Attacks over Extension Fields, Large-Unit Linear Approximation and Cryptanalysis of SNOW 2.0

Cited by 27 publications

References 21 publications

A new SNOW stream cipher called SNOW-V

A new SNOW stream cipher called SNOW-V

Walsh Sampling with Incomplete Noisy Signals

A real-time inversion attack on the GMR-2 cipher used in the satellite phones

Contact Info

Product

Resources

About