Time-Memory-Data Trade-Off Attack on Stream Ciphers Based on Maiorana-McFarland Functions

Abstract: In this paper, we present the time-memory-data (TMD) trade-off attack on stream ciphers filter function generators and filter cominers based on Maiorana-McFarland functions. This can be considered as a generalization of the time-memory-data trade-off attack of Mihaljevic and Imai on Toyocrypt. First, we substitute the filter function in Toyocrypt (which has the same size as the LFSR) with a general Maiorana-McFarland function. This allows us to apply the attack to a wider class of stream ciphers. Second, we hi… Show more

“…1. In this case, our indicator suggests that either standard algebraic attacks or Time-Memory-Data (TMD) trade-off attacks [8] can also be applied in this scenario. In the extreme case when EN (r) F = 0 linear equations in secret state bits are obtained, as demonstrated in Example 1 below.…”

“…In the first place this class has a particular algebraic structure, which is characterised by the property that when a fixed subset of input variables is kept fixed (restriction on say x 1 , …, x k ) the function becomes linear or in general affine. Certain cryptographic weaknesses, especially in a straightforward applications such as a filtering function, are somehow immanent to this class and consequently many cryptanalytic attacks perform better if such a function is employed [8][9][10]. Nevertheless, Maiorana-McFarland functions have received a lot of attention as a construction method both in the design of Boolean functions and resilient S-boxes.…”

On the approximation of S‐boxes via Maiorana–McFarland functions

“…1. In this case, our indicator suggests that either standard algebraic attacks or Time-Memory-Data (TMD) trade-off attacks [8] can also be applied in this scenario. In the extreme case when EN (r) F = 0 linear equations in secret state bits are obtained, as demonstrated in Example 1 below.…”

“…In the first place this class has a particular algebraic structure, which is characterised by the property that when a fixed subset of input variables is kept fixed (restriction on say x 1 , …, x k ) the function becomes linear or in general affine. Certain cryptographic weaknesses, especially in a straightforward applications such as a filtering function, are somehow immanent to this class and consequently many cryptanalytic attacks perform better if such a function is employed [8][9][10]. Nevertheless, Maiorana-McFarland functions have received a lot of attention as a construction method both in the design of Boolean functions and resilient S-boxes.…”

On the approximation of S‐boxes via Maiorana–McFarland functions

An Improved Time-Memory-Data Trade-Off Attack against Irregularly Clocked and Filtered Keystream Generators

New construction of highly nonlinear resilient S-boxes via linear codes