Security analysis of a new stream cipher
In this paper, we analyze the security of a new stream cipher, COSvd(2, 128). This cipher was proposed by E. Filiol et al. at the ECRYPT SASC’2004 (The State of the Art of Stream Ciphers). It uses clock-controlled non-linear feedback registers together with an S-box controlled by a chaotic sequence, and was claimed to prevent any existing attacks. However, our analysis shows that there are some serious security flaws in the design of the S-box, resulting in a heavily biased byte distribution in the keystream. In some broadcast applications, this flaw enables a ciphertext-only attack with a high success rate. Besides, there are also many security flaws in other parts of the cipher. We point out these flaws one by one and develop a divide-and-conquer attack to recover the secret keys from $O(2^{26})$-byte known plaintext with success rate 93.4597% and complexity $O(2^{113})$, which is much lower than $2^{512}$, the complexity of exhaustive search.
Keywords: stream cipher, divide-and-conquer attack, non-linear feedback shift registers (NLFSR), chaotic sequence