Abstract
We describe a cryptanalytical technique for distinguishing some stream ciphers from a truly random process. Roughly, the ciphers to which this method applies consist of a “non-linear process” (say, akin to a round function in block ciphers), and a “linear process” such as an LFSR (or even fixed tables). The output of the cipher can be the linear sum of both processes. To attack such ciphers, we look for any property of the “non-linear process” that can be distinguished from random. In addition, we look for a linear combination of the linear process that vanishes. We then consider the same linear combination applied to the cipher’s output, and try to find traces of the distinguishing property. In this report we analyze two specific “distinguishing properties”. One is a linear approximation of the non-linear process, which we demonstrate on the stream cipher SNOW. This attack needs roughly 2^95 words of output, with work-load of about 2^100. The other is a “low-diffusion” attack, that we apply to the cipher Scream-0. The latter attack needs only about 2^43 bytes of output, using roughly 2^50 space and 2^80 time.
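The following toy model, added here as an illustration and not taken from the paper or from SNOW or Scream-0, shows the linear-masking distinguisher described in the abstract on a bit level. All parameters are constructed for the example: the "linear process" is a 4-bit LFSR with feedback polynomial x^4 + x + 1, the "non-linear process" is a stand-in biased bit source (the AND of two random bits, so its linear approximation n_t = 0 holds with probability 3/4), and the keystream is their XOR. The attack takes the LFSR recurrence itself as the vanishing linear combination, applies it to the keystream, and uses the piling-up lemma to predict the residual bias that a sample-count test then detects.

```python
"""Toy distinguishing attack on a cipher built from a biased non-linear
process masked by an LFSR.  Everything here is a constructed example."""
import random
from typing import List, Sequence

# Constructed "linear process": 4-bit LFSR with primitive feedback
# polynomial x^4 + x + 1, i.e. the recurrence s[t+4] = s[t+1] ^ s[t].
LFSR_LEN = 4
LFSR_TAPS = (0, 1)

# A linear combination that vanishes on the linear process: the recurrence
# itself, s[t] ^ s[t+1] ^ s[t+4] = 0 for every t.
VANISHING = LFSR_TAPS + (LFSR_LEN,)


def lfsr_stream(init: Sequence[int], length: int) -> List[int]:
    """Bit-level LFSR output: s[t+LFSR_LEN] = XOR of s[t+i], i in LFSR_TAPS."""
    s = list(init)
    while len(s) < length:
        t = len(s) - LFSR_LEN
        bit = 0
        for i in LFSR_TAPS:
            bit ^= s[t + i]
        s.append(bit)
    return s


def nonlinear_stream(rng: random.Random, length: int) -> List[int]:
    """Constructed stand-in for the "non-linear process": each bit is the AND
    of two fresh random bits, so Pr[n_t = 0] = 3/4, i.e. the linear
    approximation n_t = 0 has bias 1/4."""
    return [rng.getrandbits(1) & rng.getrandbits(1) for _ in range(length)]


def cipher_output(seed: int, length: int) -> List[int]:
    """Linear masking: keystream z_t = n_t XOR s_t (seeded for reproducibility)."""
    rng = random.Random(seed)
    init = [rng.getrandbits(1) for _ in range(LFSR_LEN)]
    if not any(init):
        init[0] = 1  # the all-zero LFSR state would never leave zero
    s = lfsr_stream(init, length)
    n = nonlinear_stream(rng, length)
    return [a ^ b for a, b in zip(n, s)]


def random_bits(seed: int, length: int) -> List[int]:
    """Truly random stream the cipher is compared against."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(length)]


def masked_combination(z: Sequence[int], positions: Sequence[int]) -> List[int]:
    """Apply the vanishing combination to any bit stream.  On the keystream
    the LFSR part cancels and what is left is n[t] ^ n[t+1] ^ n[t+4]."""
    span = max(positions)
    out = []
    for t in range(len(z) - span):
        bit = 0
        for p in positions:
            bit ^= z[t + p]
        out.append(bit)
    return out


def predicted_bias(eps: float, k: int) -> float:
    """Piling-up lemma: the XOR of k independent bits, each of bias eps,
    has bias 2^(k-1) * eps^k."""
    return 2 ** (k - 1) * eps ** k


def observed_bias(bits: Sequence[int]) -> float:
    """|Pr[bit = 0] - 1/2| estimated from the sample."""
    zeros = sum(1 for b in bits if b == 0)
    return abs(zeros / len(bits) - 0.5)


def distinguish(z: Sequence[int], positions: Sequence[int] = VANISHING,
                eps: float = 0.25) -> bool:
    """True if z looks like the masked cipher rather than a random stream.
    Threshold: half the bias predicted for the cipher, which with 2^14
    samples is many standard deviations away from both hypotheses."""
    combined = masked_combination(z, positions)
    return observed_bias(combined) > predicted_bias(eps, len(positions)) / 2


if __name__ == "__main__":
    N = 1 << 14
    print("predicted residual bias:", predicted_bias(0.25, len(VANISHING)))
    print("cipher stream flagged :", distinguish(cipher_output(2002, N)))
    print("random stream flagged :", distinguish(random_bits(7, N)))
```

With eps = 1/4 and a three-term combination the residual bias is 4 * (1/4)^3 = 1/16, so on the order of a few hundred samples already suffice; the 2^14 used here gives a comfortable margin. The same structure scales up to word-level LFSRs and longer vanishing combinations, at which point the residual bias shrinks as eps^k and the required output grows as its inverse square, which is the trade-off behind the 2^95 and 2^43 figures in the abstract.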
© 2002 Springer-Verlag Berlin Heidelberg
Coppersmith, D., Halevi, S., Jutla, C. (2002). Cryptanalysis of Stream Ciphers with Linear Masking. In: Yung, M. (eds) Advances in Cryptology — CRYPTO 2002. CRYPTO 2002. Lecture Notes in Computer Science, vol 2442. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45708-9_33
DOI: https://doi.org/10.1007/3-540-45708-9_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44050-5
Online ISBN: 978-3-540-45708-4