Journal of Cryptology

, Volume 27, Issue 1, pp 1–22

An Efficient State Recovery Attack on the X-FCSR Family of Stream Ciphers


DOI: 10.1007/s00145-012-9130-9

Cite this article as:
Stankovski, P., Hell, M. & Johansson, T. J Cryptol (2014) 27: 1. doi:10.1007/s00145-012-9130-9


We describe a state recovery attack on the X-FCSR family of stream ciphers. In this attack we analyse each block of output keystream and try to solve for the state. The solver will succeed when a number of state conditions are satisfied. For X-FCSR-256, our best attack has a computational complexity of only 24.7 table lookups per block of keystream, with an expected 244.3 such blocks before the attack is successful. The precomputational storage requirement is 233. For X-FCSR-128, the computational complexity of our best attack is 216.3 table lookups per block of keystream, where we expect 255.2 output blocks before the attack comes through. The precomputational storage requirement for X-FCSR-128 is 267.

Key words

Stream cipher FCSR X-FCSR Cryptanalysis State recovery 

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Paul Stankovski
    • 1
  • Martin Hell
    • 1
  • Thomas Johansson
    • 1
  1. 1.Dept. of Electrical and Information TechnologyLund UniversityLundSweden

Personalised recommendations