An Efficient State Recovery Attack on the X-FCSR Family of Stream Ciphers
- First Online:
- Cite this article as:
- Stankovski, P., Hell, M. & Johansson, T. J Cryptol (2014) 27: 1. doi:10.1007/s00145-012-9130-9
We describe a state recovery attack on the X-FCSR family of stream ciphers. In this attack we analyse each block of output keystream and try to solve for the state. The solver will succeed when a number of state conditions are satisfied. For X-FCSR-256, our best attack has a computational complexity of only 24.7 table lookups per block of keystream, with an expected 244.3 such blocks before the attack is successful. The precomputational storage requirement is 233. For X-FCSR-128, the computational complexity of our best attack is 216.3 table lookups per block of keystream, where we expect 255.2 output blocks before the attack comes through. The precomputational storage requirement for X-FCSR-128 is 267.