Algebraic attacks on stream ciphers with linear feedback.
In: Boneh, D., (ed.)
Advances in Cryptology – CRYPTO 2003: 23rd Annual International Cryptology Conference, Santa Barbara, California, USA, August 17-21, 2003. Proceedings.
(pp. p. 644).
Springer Verlag: Berlin/ Heidelberg, Germany.
A classical construction of stream ciphers is to combine several LFSRs and a highly non-linear Boolean function f. Their security is usually analysed in terms of correlation attacks, that can be seen as solving a system of multivariate linear equations, true with some probability. At ICISC’02 this approach is extended to systems of higher-degree multivariate equations, and gives an attack in 292 for Toyocrypt, a Cryptrec submission. In this attack the key is found by solving an overdefined system of algebraic equations. In this paper we show how to substantially lower the degree of these equations by multiplying them by well-chosen multivariate polynomials. Thus we are able to break Toyocrypt in 249 CPU clocks, with only 20 Kbytes of keystream, the fastest attack proposed so far. We also successfully attack the Nessie submission LILI-128, within 257 CPU clocks (not the fastest attack known). In general, we show that if the Boolean function uses only a small subset (e.g. 10) of state/LFSR bits, the cipher can be broken, whatever is the Boolean function used (worst case). Our new general algebraic attack breaks stream ciphers satisfying all the previously known design criteria in at most the square root of the complexity of the previously known generic attack.
|Title:||Algebraic attacks on stream ciphers with linear feedback|
|Keywords:||Algebraic attacks on stream ciphers, pseudo-random generators, nonlinear filtering, Boolean functions, factoring multivariate polynomials, multivariate equations, overdefined problems, XL algorithm, ciphertext-only attacks, toyocrypt, cryptrec, LILI-128, Nessie|
|UCL classification:||UCL > School of BEAMS > Faculty of Engineering Science > Adastral Park|
Archive Staff Only