Cryptanalysis of Sosemanuk and SNOW 2.0 Using Linear Masks
- Cite this paper as:
- Lee JK., Lee D.H., Park S. (2008) Cryptanalysis of Sosemanuk and SNOW 2.0 Using Linear Masks. In: Pieprzyk J. (eds) Advances in Cryptology - ASIACRYPT 2008. ASIACRYPT 2008. Lecture Notes in Computer Science, vol 5350. Springer, Berlin, Heidelberg
In this paper, we present a correlation attack on Sosemanuk with complexity less than 2150. Sosemanuk is a software oriented stream cipher proposed by Berbain et al. to the eSTREAM call for stream cipher and has been selected in the final portfolio. Sosemanuk consists of a linear feedback shift register(LFSR) of ten 32-bit words and a finite state machine(FSM) of two 32-bit words. By combining linear approximation relations regarding the FSM update function, the FSM output function and the keystream output function, it is possible to derive linear approximation relations with correlation − 2− 21.41 involving only the keystream words and the LFSR initial state. Using such linear approximation relations, we mount a correlation attack with complexity 2147.88 and success probability 99% to recover the initial internal state of 384 bits. We also mount a correlation attack on SNOW 2.0 with complexity 2204.38.