Journal of Cryptology, Volume 27, Issue 1, pp 1-22

An Efficient State Recovery Attack on the X-FCSR Family of Stream Ciphers

  • Paul Stankovski, Dept. of Electrical and Information Technology, Lund University
  • Martin Hell, Dept. of Electrical and Information Technology, Lund University
  • Thomas Johansson, Dept. of Electrical and Information Technology, Lund University

Abstract

We describe a state recovery attack on the X-FCSR family of stream ciphers. In this attack we analyse each block of output keystream and try to solve for the state. The solver will succeed when a number of state conditions are satisfied. For X-FCSR-256, our best attack has a computational complexity of only $2^{4.7}$ table lookups per block of keystream, with an expected $2^{44.3}$ such blocks before the attack is successful. The precomputational storage requirement is $2^{33}$. For X-FCSR-128, the computational complexity of our best attack is $2^{16.3}$ table lookups per block of keystream, where we expect $2^{55.2}$ output blocks before the attack comes through. The precomputational storage requirement for X-FCSR-128 is $2^{67}$.

Key words

Stream cipher, FCSR, X-FCSR, Cryptanalysis, State recovery