Advances in Cryptology - ASIACRYPT 2008

Volume 5350 of the series Lecture Notes in Computer Science pp 539-556

A New Attack on the LEX Stream Cipher

  • Orr DunkelmanAffiliated withÉcole Normale Supérieure, Département d’Informatique, CNRS, INRIA
  • , Nathan KellerAffiliated withEinstein Institute of Mathematics, Hebrew University


In [6], Biryukov presented a new methodology of stream cipher design, called leak extraction. The stream cipher LEX, based on this methodology and on the AES block cipher, was selected to phase 3 of the eSTREAM competition. The suggested methodology seemed promising, and LEX, due to its elegance, simplicity and performance was expected to be selected to the eSTREAM portfolio.

In this paper we present a key recovery attack on LEX. The attack requires about 236.3 bytes of key-stream produced by the same key (possibly under many different IVs), and retrieves the secret key in time of 2112 simple operations. Following a preliminary version of our attack, LEX was discarded from the final portfolio of eSTREAM.


LEX AES stream cipher design