, Volume 27, Issue 1, pp 1-22

An Efficient State Recovery Attack on the X-FCSR Family of Stream Ciphers

Purchase on Springer.com

$39.95 / €34.95 / £29.95*

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access


We describe a state recovery attack on the X-FCSR family of stream ciphers. In this attack we analyse each block of output keystream and try to solve for the state. The solver will succeed when a number of state conditions are satisfied. For X-FCSR-256, our best attack has a computational complexity of only 24.7 table lookups per block of keystream, with an expected 244.3 such blocks before the attack is successful. The precomputational storage requirement is 233. For X-FCSR-128, the computational complexity of our best attack is 216.3 table lookups per block of keystream, where we expect 255.2 output blocks before the attack comes through. The precomputational storage requirement for X-FCSR-128 is 267.

Communicated by Mitsuru Matsui
This is the full version of the paper An Efficient State Recovery Attack on X-FCSR [14], solicited by the Editors-in-Chief as one of the best papers from FSE 2009, based on the recommendation of the program committee.