
Cryptanalysis of the Stream Cipher LEX

Published in: Designs, Codes and Cryptography

Abstract

Biryukov (The design of a stream cipher LEX, Proceedings of Selected Areas in Cryptography 2006, Springer, pp. 67–75, 2007) presented a new methodology of stream cipher design called leak extraction. The stream cipher LEX, based on this methodology and on the AES block cipher, was selected to round 3 of the eSTREAM competition. The suggested methodology seemed promising, and LEX, due to its elegance, simplicity, and performance, was expected to be selected to the eSTREAM portfolio. In this article we present a key recovery attack on LEX. The attack requires about 2^40 bytes of key-stream produced by the same key (possibly under many different IVs), and retrieves the secret key in time of about 2^100 AES encryptions. Following a preliminary version of our attack, LEX was discarded from the final portfolio of eSTREAM.


References

  1. Babbage S.H., Dodd M.: Specification of the stream cipher MICKEY 2.0, submitted to eSTREAM (2006). Available on-line at: http://www.ecrypt.eu.org/stream/p3ciphers/mickey/mickey_p3.pdf.

  2. Babbage S.H.: Improved “exhaustive search” attacks on stream ciphers, IEE European Convention on Security and Detection, IEE Conference publication 408, pp. 161–165 (1995).

  3. Biham E., Shamir A.: Differential cryptanalysis of the data encryption standard. Springer, London (1993)


  4. Biryukov A.: The design of a stream cipher LEX. Proceedings of Selected Areas in Cryptography 2006, Lecture Notes in Computer Science 4356, pp. 67–75, Springer, Berlin (2007).

  5. Biryukov A.: A new 128-bit key stream cipher LEX, ECRYPT stream cipher project report 2005/013. Available on-line at http://www.ecrypt.eu.org/stream.

  6. Biryukov A.: The Tweak for LEX-128, LEX-192, LEX-256, ECRYPT stream cipher project report 2006/037. Available on-line at http://www.ecrypt.eu.org/stream.

  7. Biryukov A., Mukhopadhyay S., Sarkar P.: Improved time-memory tradeoffs with multiple data. Proceedings of Selected Areas in Cryptography 2005, Lecture Notes in Computer Science 3897, pp. 245–260, Springer, Berlin (2006).

  8. Biryukov A., Shamir A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers, Advances in Cryptology. Proceedings of ASIACRYPT 2000, Lecture Notes in Computer Science 1976, pp. 1–13, Springer, Berlin (2000).

  9. Blum M., Micali S.: How to generate cryptographically strong sequences of pseudo-random bits, SIAM J. Comput. 13(4), 850–864 (1984)


  10. Bouillaguet C., Derbez P., Dunkelman O., Keller N., Rijmen V., Fouque P-A.: Low data complexity attacks on AES. IEEE Trans. Inform. Theory (2012). Available on-line at http://eprint.iacr.org/2010/633.

  11. Bouillaguet C., Derbez P., Fouque P-A.: Automatic search of attacks on round-reduced AES and applications. Advances in Cryptology. Proceedings of CRYPTO 2011, Lecture Notes in Computer Science 6841, pp. 169–187, Springer, Berlin (2011).

  12. Daemen J., Rijmen V.: AES proposal: Rijndael. NIST AES proposal (1998).

  13. Daemen J., Rijmen V.: The design of Rijndael: AES, the advanced encryption standard, Springer, Berlin (2002).

  14. Dunkelman O., Keller N.: Treatment of the initial value in time-memory-data tradeoff attacks on stream ciphers, Information Processing Letters, vol. 107, No. 5, pp. 133–137, Elsevier, Amsterdam (2008).

  15. Dunkelman O., Keller N.: A new attack on the LEX stream cipher, Advances in Cryptology. Proceedings of ASIACRYPT 2008, Lecture Notes in Computer Science 5350, pp. 539–556, Springer, Berlin (2008).

  16. Dunkelman O., Keller N., Shamir A.: Improved single-key attacks on 8-round AES-192 and AES-256, Advances in Cryptology, proceedings of ASIACRYPT 2010, Lecture Notes in Computer Science 6477, pp. 158–176, Springer, Berlin (2010).

  17. ECRYPT: Call for stream cipher primitives version 1.3, 12.4.2005. Available on-line at http://www.ecrypt.eu.org/stream/call/.

  18. Englund H.K., Hell M., Johansson T.: A note on distinguishing attacks. Preproceedings of State of the Art of Stream Ciphers workshop (SASC 2007), pp. 73–78, Bochum, Germany, (2007).

  19. Ferguson N., Kelsey J., Lucks S., Schneier B., Stay M., Wagner D., Whiting D.: Improved cryptanalysis of Rijndael. Proceedings of Fast Software Encryption 2000, Lecture Notes in Computer Science 1978, pp. 213–230, Springer, Berlin (2001).

  20. Goldreich O., Levin L.A.: A hard-core predicate for all one-way functions. Proceedings of 21st STOC (1989), pp. 25–32, ACM, New York (1989).

  21. Golic J.Dj.: Cryptanalysis of alleged A5 stream cipher, Advances in Cryptology. Proceedings of EUROCRYPT 1997, Lecture Notes in Computer Science 1233, pp. 239–255, Springer, Berlin (1997).

  22. National Institute of Standards and Technology: Advanced Encryption Standard, Federal Information Processing Standards Publications No. 197, (2001).

  23. Håstad J., Näslund M.: BMGL: Synchronous key-stream generator with provable security, Submission to the NESSIE project (2000). Available on-line at http://www.nessie.eu.org.

  24. Wu H., Preneel B.: Attacking the IV setup of stream cipher LEX, ECRYPT stream cipher project report 2005/059. Available on-line at http://www.ecrypt.eu.org/stream.


Author information

Corresponding author

Correspondence to Orr Dunkelman.

Additional information

Communicated by V. Rijmen.

A preliminary version of the paper, in which the time complexity of the attack is 2^110.3 encryptions, was presented at Asiacrypt 2008 [15]. The improved attack presented in Sect. 5 is novel. Another new result in this article is the improved analysis of the sampling resistance of LEX presented in Sect. 6.

Cite this article

Dunkelman, O., Keller, N. Cryptanalysis of the Stream Cipher LEX. Des. Codes Cryptogr. 67, 357–373 (2013). https://doi.org/10.1007/s10623-012-9612-7
