Abstract
Time/memory tradeoff (TMTO) is a generic method of inverting one-way functions. In this paper we focus on identifying candidate one-way functions hidden in cryptographic algorithms, inverting which breaks the algorithm. The results we obtain on stream and block ciphers are the most important ones. For stream ciphers using an IV, we show that if the IV is shorter than the key, then the algorithm is vulnerable to TMTO. Further, from a TMTO point of view, it makes no sense to increase the size of the internal state of a stream cipher without increasing the size of the IV. This has an impact on the recent ECRYPT call for stream cipher primitives and clears up an almost decade-old confusion about the size of the key versus the state of a stream cipher. For block ciphers, we consider various modes of operation and show that, to different degrees, all of these are vulnerable to TMTO attacks. In particular, we describe multiple-data chosen-plaintext TMTO attacks on the CBC and CFB modes of operation. This clears up a quarter-century-old confusion on this issue, dating from Hellman's seminal paper in 1980 to Shamir's invited talk at Asiacrypt 2004. We also provide some new applications of TMTO and a set of general guidelines for applying TMTO attacks.
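The stream-cipher claim in the abstract can be seen concretely by treating (key, IV) → first k+v keystream bits as the one-way function and running the Babbage-Golić (TM = N, T = D) tradeoff over the joint (key, IV) space. The following Python is an added illustration, not code from the paper or its authors: the toy keystream generator, the 16-bit key / 8-bit IV sizes, the table size M = D = 2^14 and the "many sessions, each under its own key, attacker wins by recovering any one of them" data model are all assumptions made for the example. Because one key only ever has 2^8 IVs, the 2^14 data points necessarily come from different sessions; that is exactly why a short IV hurts.

```python
"""Babbage-Golic time/memory/data tradeoff against a toy stream cipher whose
IV (8 bits) is shorter than its key (16 bits).  Added example; the cipher,
sizes and session model are assumptions, not material from the paper."""
import math
import random

KEY_BITS = 16
IV_BITS = 8
STATE_BITS = KEY_BITS + IV_BITS      # internal state = key || IV (assumption)
MASK = (1 << STATE_BITS) - 1
PREFIX_BITS = STATE_BITS             # f(key, iv) = first k+v keystream bits
VERIFY_BITS = 40                     # longer observed prefix, rejects false alarms
WARMUP = 8                           # clocks discarded before output (toy choice)


def keystream(key, iv, nbits):
    """Toy stream cipher invented for this example: load key||iv into the
    24-bit state, clock a nonlinear update, emit nbits of filtered output
    (the first emitted bit becomes the most significant bit of the result)."""
    s = ((key << IV_BITS) | iv) & MASK
    out = 0
    for i in range(WARMUP + nbits):
        s = (s * 0x9E3779 + 0x7F4A7C) & MASK   # odd multiplier: bijective step
        s ^= s >> 11
        if i >= WARMUP:
            bit = (s ^ (s >> 5) ^ (s >> 13) ^ ((s >> 2) & (s >> 19))) & 1
            out = (out << 1) | bit
    return out


def build_table(m, rng):
    """Offline phase (P = M = m): index m random (key, iv) points by f(key, iv)."""
    table = {}
    for _ in range(m):
        key = rng.getrandbits(KEY_BITS)
        iv = rng.getrandbits(IV_BITS)
        table[keystream(key, iv, PREFIX_BITS)] = (key, iv)
    return table


def observe_sessions(d, rng):
    """Constructed attacker data: d sessions, each under its own secret key with a
    public IV, from which VERIFY_BITS of keystream were recovered (known plaintext)."""
    sessions = []
    for _ in range(d):
        key = rng.getrandbits(KEY_BITS)
        iv = rng.getrandbits(IV_BITS)
        sessions.append((key, iv, keystream(key, iv, VERIFY_BITS)))
    return sessions


def online_phase(table, observations):
    """Online phase (T = D lookups).  A table hit is accepted only if its IV equals
    the session's public IV and the candidate key reproduces the longer observed
    keystream; anything else is a false alarm (a different preimage of the prefix).
    Returns (session index, key, false_alarm_count); index is None on failure."""
    false_alarms = 0
    for idx, (iv, ks) in enumerate(observations):
        prefix = ks >> (VERIFY_BITS - PREFIX_BITS)
        hit = table.get(prefix)
        if hit is None:
            continue
        cand_key, cand_iv = hit
        if cand_iv == iv and keystream(cand_key, iv, VERIFY_BITS) == ks:
            return idx, cand_key, false_alarms
        false_alarms += 1
    return None, None, false_alarms


def run_attack(m=1 << 14, d=1 << 14, seed=2005):
    """Whole tradeoff with M = D = 2^14 against N = 2^24: below the 2^16 exhaustive
    search of one 16-bit key.  Expected success is 1 - exp(-MD/N)."""
    rng = random.Random(seed)
    table = build_table(m, rng)
    sessions = observe_sessions(d, rng)
    observations = [(iv, ks) for _key, iv, ks in sessions]   # attacker's view
    idx, key, false_alarms = online_phase(table, observations)
    return {
        "session": idx,
        "recovered_key": key,
        "true_key": None if idx is None else sessions[idx][0],   # for checking only
        "false_alarms": false_alarms,
        "expected_success": 1.0 - math.exp(-m * d / float(1 << STATE_BITS)),
    }


def bg_exponents(key_bits, iv_bits):
    """log2 of T = M = D at the balanced BG point on N = 2^(k+v), beside the
    exhaustive-search exponent k: the tradeoff wins exactly when v < k."""
    return (key_bits + iv_bits) / 2.0, key_bits


if __name__ == "__main__":
    res = run_attack()
    print("expected success %.6f" % res["expected_success"])
    print("broke session %s: key=%s true=%s false alarms=%d" % (
        res["session"], res["recovered_key"], res["true_key"], res["false_alarms"]))
    for k, v in ((128, 64), (128, 128), (80, 32)):
        print("k=%d v=%d -> tradeoff 2^%.1f vs search 2^%d" % ((k, v) + bg_exponents(k, v)))
```

The false-alarm check matters because the table is indexed by only k+v output bits, so a hit may be a different preimage of the same prefix; verifying against the longer observed keystream and the public IV discards it and the search continues. With a 128-bit key and 64-bit IV the balanced point is 2^96 for each of T, M and D, which is why the abstract's guideline is an IV at least as long as the key.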
References
3GPP TS 55.215 V6.2.0 (2003-09), A5/3 and GEA3 Specifications, Available from http://www.gsmworld.com
Consortium for efficient embedded security. Efficient embedded security standards (EESS) #1. Version 2.0 (June 2003), Available from http://www.ceesstandards.org/
ECRYPT. Call for stream cipher primitives. Version 1.2 (February 2004), http://www.ecrypt.eu.org/stream/
Babbage, S.H.: Improved exhaustive search attacks on stream ciphers. In: European Convention on Security and Detection. IEE Conference publication No. 408, pp. 161–166. IEE (1995)
Biryukov, A., Mukhopadhyay, S., Sarkar, P.: Improved time-memory trade-offs with multiple data. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 110–127. Springer, Heidelberg (2006) (to appear)
Biryukov, A.: Some thoughts on time-memory-data tradeoffs. Cryptology ePrint Archive, Report 2005/207 (June 30, 2005), http://eprint.iacr.org/2005/207
Biryukov, A., Shamir, A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000)
De Cannière, C., Lano, J., Preneel, B.: Comment on the rediscovery of time memory data tradeoffs. Available as a link on the ECRYPT Call for Stream Cipher Primitives [3] page version 1.3 (April 2005)
Denning, D.E.: Cryptography and Data Security. Addison-Wesley, Reading (1982)
Fiat, A., Naor, M.: Rigorous time/space tradeoffs for inverting functions. SIAM J. on Computing 29(3), 790–803 (1999)
Fluhrer, S., Mantin, I., Shamir, A.: Weakness in the key scheduling algorithm of RC4. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 1–24. Springer, Heidelberg (2001)
Golić, J.D.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997)
Gutterman, Z., Malkhi, D.: Hold your sessions: An attack on Java session-id generation. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 44–57. Springer, Heidelberg (2005)
Halevi, S., Rogaway, P.: A tweakable enciphering mode. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 482–499. Springer, Heidelberg (2003)
Halevi, S., Rogaway, P.: A parallelizable enciphering mode. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 292–304. Springer, Heidelberg (2004)
Hellman, M.E.: A cryptanalytic time-memory trade-off. IEEE Trans. on Infor. Theory 26, 401–406 (1980)
Hong, J., Sarkar, P.: Rediscovery of time memory tradeoffs. Cryptology ePrint Archive, Report 2005/090 (March 22, 2005), http://eprint.iacr.org/2005/090
Howgrave-Graham, N., Silverman, J.H., Whyte, W.: Choosing parameter sets for NTRUEncrypt with NAEP and SVES-3. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 118–135. Springer, Heidelberg (2005)
Iwata, T., Kurosawa, K.: OMAC: One-Key CBC MAC. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 129–153. Springer, Heidelberg (2003)
Kim, I.-J., Matsumoto, T.: Achieving higher success probability in time-memory trade-off cryptanalysis without increasing memory size. IEICE Trans. Fundamentals, E82-A, pp. 123–129 (1999)
Liskov, M., Rivest, R.L., Wagner, D.: Tweakable block ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 31–46. Springer, Heidelberg (2002)
Mukhopadhyay, S., Sarkar, P.: TMTO with multiple data: Analysis and new single table trade-offs. Cryptology ePrint Archive, Report 2005/214 (July 4, 2005), http://eprint.iacr.org/2005/214
Oechslin, P.: Making a fast cryptanalytic time-memory trade-off. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 617–630. Springer, Heidelberg (2003)
Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: A block-cipher mode of operation for efficient authenticated encryption. In: 8th ACM CCS, pp. 196–205. ACM Press, New York (2001)
Shamir, A.: Stream ciphers: Dead or alive? Presentation slides for invited talk given at Asiacrypt (2004), Available from http://www.iris.re.kr/ac04/
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hong, J., Sarkar, P. (2005). New Applications of Time Memory Data Tradeoffs. In: Roy, B. (eds) Advances in Cryptology - ASIACRYPT 2005. ASIACRYPT 2005. Lecture Notes in Computer Science, vol 3788. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11593447_19
DOI: https://doi.org/10.1007/11593447_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30684-9
Online ISBN: 978-3-540-32267-2
eBook Packages: Computer Science (R0)