Distinguishing attacks on stream ciphers based on arrays of pseudo-random words

Nathan Keller; Stephen D. Miller

doi:10.1016/j.ipl.2009.11.006

Distinguishing attacks on stream ciphers based on arrays of pseudo-random words

Nathan Keller, Stephen D. Miller

School of Arts and Sciences, Mathematics

Research output: Contribution to journal › Article › peer-review

4 Scopus citations

Abstract

In numerous modern stream ciphers, the internal state consists of a large array of pseudo-random words, while the output key-stream is a relatively simple function of the state. It has been heuristically shown in several situations [3,8-11,14] that this structure may lead to distinguishing attacks on the cipher. In this note we present a more rigorous treatment of this structural attack. First, we present a rigorous proof of the main probabilistic claim behind it in the basic cases. We then apply it concretely to the cipher sn3 [12], and demonstrate that the heuristic assumptions of the attack are remarkably precise in more complicated cases.

Original language	English (US)
Pages (from-to)	129-132
Number of pages	4
Journal	Information Processing Letters
Volume	110
Issue number	4
DOIs	https://doi.org/10.1016/j.ipl.2009.11.006
State	Published - Jan 16 2010

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Signal Processing
Information Systems
Computer Science Applications

Keywords

Cryptography
Distinguishing attacks
MV3
SN3
Stream ciphers

Access to Document

10.1016/j.ipl.2009.11.006

Cite this

@article{3250067f39df4ea29758a3931528ccaa,

title = "Distinguishing attacks on stream ciphers based on arrays of pseudo-random words",

abstract = "In numerous modern stream ciphers, the internal state consists of a large array of pseudo-random words, while the output key-stream is a relatively simple function of the state. It has been heuristically shown in several situations [3,8-11,14] that this structure may lead to distinguishing attacks on the cipher. In this note we present a more rigorous treatment of this structural attack. First, we present a rigorous proof of the main probabilistic claim behind it in the basic cases. We then apply it concretely to the cipher sn3 [12], and demonstrate that the heuristic assumptions of the attack are remarkably precise in more complicated cases.",

keywords = "Cryptography, Distinguishing attacks, MV3, SN3, Stream ciphers",

author = "Nathan Keller and Miller, {Stephen D.}",

note = "Funding Information: 1 Partially supported by the Adams Fellowship Program of the Israel Academy of Sciences and Humanities. Funding Information: 2 Partially supported by NSF grant DMS-0601009. The authors wish to thank Orr Dunkelman, Ilya Mironov, and Ramarathnam Venkatesan for their fruitful discussions, Alex Sherman for his assistance conducting the experiments on sn3, and Souradyuti Paul for his discussions on the constant c0 in footnote 6.",

year = "2010",

month = jan,

day = "16",

doi = "10.1016/j.ipl.2009.11.006",

language = "English (US)",

volume = "110",

pages = "129--132",

journal = "Information Processing Letters",

issn = "0020-0190",

publisher = "Elsevier",

number = "4",

}

TY - JOUR

T1 - Distinguishing attacks on stream ciphers based on arrays of pseudo-random words

AU - Keller, Nathan

AU - Miller, Stephen D.

N1 - Funding Information: 1 Partially supported by the Adams Fellowship Program of the Israel Academy of Sciences and Humanities. Funding Information: 2 Partially supported by NSF grant DMS-0601009. The authors wish to thank Orr Dunkelman, Ilya Mironov, and Ramarathnam Venkatesan for their fruitful discussions, Alex Sherman for his assistance conducting the experiments on sn3, and Souradyuti Paul for his discussions on the constant c0 in footnote 6.

PY - 2010/1/16

Y1 - 2010/1/16

N2 - In numerous modern stream ciphers, the internal state consists of a large array of pseudo-random words, while the output key-stream is a relatively simple function of the state. It has been heuristically shown in several situations [3,8-11,14] that this structure may lead to distinguishing attacks on the cipher. In this note we present a more rigorous treatment of this structural attack. First, we present a rigorous proof of the main probabilistic claim behind it in the basic cases. We then apply it concretely to the cipher sn3 [12], and demonstrate that the heuristic assumptions of the attack are remarkably precise in more complicated cases.

AB - In numerous modern stream ciphers, the internal state consists of a large array of pseudo-random words, while the output key-stream is a relatively simple function of the state. It has been heuristically shown in several situations [3,8-11,14] that this structure may lead to distinguishing attacks on the cipher. In this note we present a more rigorous treatment of this structural attack. First, we present a rigorous proof of the main probabilistic claim behind it in the basic cases. We then apply it concretely to the cipher sn3 [12], and demonstrate that the heuristic assumptions of the attack are remarkably precise in more complicated cases.

KW - Cryptography

KW - Distinguishing attacks

KW - MV3

KW - SN3

KW - Stream ciphers

UR - http://www.scopus.com/inward/record.url?scp=72249110051&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=72249110051&partnerID=8YFLogxK

U2 - 10.1016/j.ipl.2009.11.006

DO - 10.1016/j.ipl.2009.11.006

M3 - Article

AN - SCOPUS:72249110051

SN - 0020-0190

VL - 110

SP - 129

EP - 132

JO - Information Processing Letters

JF - Information Processing Letters

IS - 4

ER -

Distinguishing attacks on stream ciphers based on arrays of pseudo-random words

Abstract

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this