Annual International Cryptology Conference

CRYPTO 2003: Advances in Cryptology - CRYPTO 2003 pp 176-194

Fast Algebraic Attacks on Stream Ciphers with Linear Feedback

  • Nicolas T. Courtois
Conference paper

DOI: 10.1007/978-3-540-45146-4_11

Volume 2729 of the book series Lecture Notes in Computer Science (LNCS)

Abstract

Many popular stream ciphers apply a filter/combiner to the state of one or several LFSRs. Algebraic attacks on such ciphers [10,11] are possible if there is a multivariate relation involving the key/state bits and the output bits. [1,2,10,11] show that such relations exist for several well-known constructions of stream ciphers immune to all previously known attacks. In particular, they make it possible to break two ciphers using LFSRs and completely “well designed” Boolean functions: Toyocrypt and LILI-128, see [10,11]. Similar algebraic attacks also exist for the stateful combiner construction used in the Bluetooth keystream generator E0 [1]. More generally, in [2] it is proven that they can break, in polynomial time, any combiner with a fixed number of inputs and a fixed number of memory bits.

In this paper we present a method that substantially reduces the complexity of all these attacks. We show that when the known keystream bits are consecutive, an important part of the equations will have a recursive structure, and this allows the usual sub-cubic Gaussian algorithms for eliminating the monomials to be partially replaced by a much faster, essentially linear, version of the Berlekamp-Massey algorithm. The new method gives the fastest attack proposed so far for Toyocrypt, LILI-128 and the keystream generator that is used in the E0 cipher. Moreover, we present two new fast general algebraic attacks for stream ciphers using Boolean functions, applicable when the degree and/or the number of inputs is not too big.
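The recursive structure mentioned above rests on a standard property: a degree-d Boolean function of an n-bit LFSR state, sampled on consecutive clocks, obeys a linear recurrence of length at most C(n,1) + ... + C(n,d), and Berlekamp-Massey recovers that recurrence from the bits alone. The following is an added illustration, not code from the paper and not the attack itself; the 5-bit register, its taps, the initial state and the degree-2 filter are constructed assumptions.

```python
from math import comb

def lfsr_stream(init, taps, nbits, filt=None):
    """Clock a Fibonacci LFSR over GF(2); emit filt(state) each clock (state[0] if no filter)."""
    state, out = list(init), []
    for _ in range(nbits):
        out.append(filt(state) if filt else state[0])
        fb = 0
        for t in taps:
            fb ^= state[t]
        state = state[1:] + [fb]
    return out

def berlekamp_massey(s):
    """Shortest linear recurrence of bit list s: returns (L, c) with c[0] = 1 and
    XOR over i=0..L of c[i] & s[k-i] equal to 0 for every k >= L."""
    n = len(s)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, 1
    for k in range(n):
        d = s[k]                          # discrepancy of the current recurrence at bit k
        for i in range(1, L + 1):
            d ^= c[i] & s[k - i]
        if d:
            prev = c[:]
            for i in range(n + 1 - m):    # c(x) += x^m * b(x)
                c[i + m] ^= b[i]
            if 2 * L <= k:                # recurrence must grow
                L, b, m = k + 1 - L, prev, 0
        m += 1
    return L, c[:L + 1]

def recurrence_holds(s, L, c):
    """Check a recurrence returned by berlekamp_massey against a whole sequence."""
    return all(sum(c[i] & s[k - i] for i in range(L + 1)) % 2 == 0
               for k in range(L, len(s)))

# Constructed toy parameters (assumptions, not taken from the paper).
N, D = 5, 2
TAPS = (0, 2)                               # s[t+5] = s[t] ^ s[t+2], i.e. x^5 + x^2 + 1
INIT = [1, 0, 0, 1, 1]                      # any nonzero state
FILTER = lambda x: x[0] ^ (x[1] & x[3])     # degree-2 Boolean filter
BOUND = sum(comb(N, i) for i in range(1, D + 1))   # monomials of degree 1..D

def linear_complexities(nbits=64):
    """Run Berlekamp-Massey on the plain and on the filtered keystream."""
    plain = lfsr_stream(INIT, TAPS, nbits)
    filtered = lfsr_stream(INIT, TAPS, nbits, FILTER)
    return berlekamp_massey(plain), berlekamp_massey(filtered)

if __name__ == "__main__":
    (l1, c1), (l2, c2) = linear_complexities()
    print("plain LFSR:", l1, c1, "| filtered:", l2, "| bound:", BOUND)
```

For a designer, the takeaway is that the linear complexity of a filtered LFSR is capped by the number of low-degree monomials, so the filter's algebraic degree, not only the register length, sets the work factor.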

Keywords

Algebraic attacks, stream ciphers, multivariate equations, nonlinear filters, Boolean functions, combiners with memory, LFSR synthesis, Berlekamp-Massey algorithm, Toyocrypt, Cryptrec, LILI-128, Nessie, E0, Bluetooth

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Nicolas T. Courtois (1)
  1. Cryptography Research, Schlumberger Smart Cards, Louveciennes, France