
Cryptography and Communications, Volume 4, Issue 3–4, pp 203–215

High order differential attacks on stream ciphers

  • Simon Knellwolf
  • Willi Meier

Abstract

Differential cryptanalysis is probably the most popular tool for chosen plaintext attacks on block ciphers. It also applies to chosen IV attacks on stream ciphers, but here, high order differential attacks have been surprisingly successful, namely on NLFSR-based constructions. Most approaches have been developed in terms of the algebraic normal form of Boolean functions. Prominent examples are the d-monomial test, cube attacks, and cube testers. We review the various techniques and translate them into the terminology of high order derivatives introduced by Lai. The unified view points out similarities between seemingly different approaches and naturally suggests generalizations and refinements such as conditional differential cryptanalysis.
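The unified view in the abstract rests on one identity: summing a Boolean function over all 2^d settings of d chosen IV bits (the "cube sum" of a cube attack) is Lai's d-th order derivative along those variables, and in terms of the algebraic normal form it equals the coefficient polynomial ("superpoly") of the monomial formed by those d variables. The following Python is an added worked example, not code from the paper; it uses a small constructed polynomial in three "key" and three "IV" variables (an assumption for illustration, not any real cipher) and checks the identity both ways, then applies the cube-tester style observation that a derivative that no longer depends on the remaining variables is a nonrandomness witness:

```python
from itertools import product

# Added worked example (not from the paper). A Boolean function is written in
# algebraic normal form (ANF) as a set of monomials; each monomial is the
# frozenset of variable indices it multiplies. Variables 0..2 play the role of
# secret key bits, 3..5 the role of public IV bits. This toy polynomial is
# constructed for illustration and does not come from any real cipher.
KEY_VARS = (0, 1, 2)
IV_VARS = (3, 4, 5)
N_VARS = 6

TOY_ANF = {
    frozenset({0, 3, 4}),      # k0*v0*v1
    frozenset({1, 2, 4}),      # k1*k2*v1
    frozenset({0, 1, 3, 4}),   # k0*k1*v0*v1
    frozenset({3}),            # v0
    frozenset({5}),            # v2
    frozenset(),               # constant 1
}


def eval_anf(anf, x):
    """Evaluate an ANF at the 0/1 vector x (XOR of the monomial products)."""
    return sum(all(x[i] for i in m) for m in anf) & 1


def derivative_along_cube(f, cube, x):
    """Lai's derivative of order |cube| along the unit vectors of the cube
    variables, evaluated at x: XOR of f over all 2^|cube| settings of the
    cube bits, every other coordinate fixed as in x. This is exactly the
    'cube sum' of a cube attack."""
    acc = 0
    for bits in product((0, 1), repeat=len(cube)):
        y = list(x)
        for i, b in zip(cube, bits):
            y[i] = b
        acc ^= f(y)
    return acc


def superpoly(anf, cube):
    """ANF-side view: the coefficient polynomial of the maxterm prod(cube).
    Keep the monomials containing every cube variable and divide it out."""
    c = frozenset(cube)
    return {m - c for m in anf if c <= m}


def derivative_table(anf, cube):
    """Derivative values for all assignments of the non-cube variables,
    computed purely by summation. Returns {assignment tuple: bit}."""
    free = [i for i in range(N_VARS) if i not in cube]
    table = {}
    for vals in product((0, 1), repeat=len(free)):
        x = [0] * N_VARS
        for i, v in zip(free, vals):
            x[i] = v
        table[vals] = derivative_along_cube(lambda y: eval_anf(anf, y), cube, x)
    return table


def sums_match_superpoly(anf, cube):
    """Check the identity the unified view rests on: the high order derivative
    along the cube equals the superpoly at every point."""
    sp = superpoly(anf, cube)
    free = [i for i in range(N_VARS) if i not in cube]
    for vals, bit in derivative_table(anf, cube).items():
        x = [0] * N_VARS
        for i, v in zip(free, vals):
            x[i] = v
        if eval_anf(sp, x) != bit:
            return False
    return True


def derivative_is_constant(anf, cube):
    """Cube-tester style check: a derivative that does not depend on the
    remaining key and IV bits is a nonrandomness witness, since for a random
    polynomial of this size it would almost surely still vary."""
    return len(set(derivative_table(anf, cube).values())) == 1


if __name__ == "__main__":
    for cube in [(3,), (4,), (3, 4), (3, 4, 5)]:
        print(cube, sorted(map(sorted, superpoly(TOY_ANF, cube))),
              "constant" if derivative_is_constant(TOY_ANF, cube) else "varies")
```

For the cube {v0, v1} the superpoly is k0 + k0·k1, so the second order derivative leaks a key-dependent bit (the key recovery view); for the cube {v0, v1, v2} it is identically zero, which is the kind of degree deficiency a d-monomial test or cube tester flags when assessing one's own design.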

Keywords

Stream cipher; d-monomial test; Cube attacks; High order derivatives

Mathematics Subject Classification (2010)

96A60 

Notes

Acknowledgements

This work was supported by the Hasler Foundation www.haslerfoundation.ch under project number 08065.

References

  1. Aumasson, J.P., Dinur, I., Meier, W., Shamir, A.: Cube testers and key recovery attacks on reduced-round MD6 and Trivium. In: Dunkelman, O. (ed.) FSE. LNCS, vol. 5665, pp. 1–22. Springer (2009)
  2. Ben-Aroya, I., Biham, E.: Differential cryptanalysis of Lucifer. In: Stinson, D.R. (ed.) CRYPTO. LNCS, vol. 773, pp. 187–199. Springer (1993)
  3. Blum, M., Luby, M., Rubinfeld, R.: Self-testing/correcting with applications to numerical problems. In: Ortiz, H. (ed.) STOC, pp. 73–83. ACM (1990)
  4. Cannière, C.D., Küçük, Ö., Preneel, B.: Analysis of Grain's initialization algorithm. In: Vaudenay, S. (ed.) Progress in Cryptology - AFRICACRYPT 2008, First International Conference on Cryptology in Africa, Casablanca, Morocco, 11–14 June 2008. Proceedings. LNCS, vol. 5023, pp. 276–289. Springer (2008)
  5. De Cannière, C.: Trivium: a stream cipher construction inspired by block cipher design principles. In: Katsikas, S.K., Lopez, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC. LNCS, vol. 4176, pp. 171–186. Springer (2006)
  6. Dinur, I., Shamir, A.: Cube attacks on tweakable black box polynomials. In: Joux, A. (ed.) EUROCRYPT. LNCS, vol. 5479, pp. 278–299. Springer (2009)
  7. Dinur, I., Shamir, A.: Breaking Grain-128 with dynamic cube attacks. In: Joux, A. (ed.) FSE. LNCS, vol. 6733, pp. 167–187. Springer (2011)
  8. Englund, H., Johansson, T., Turan, M.S.: A framework for chosen IV statistical analysis of stream ciphers. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT. LNCS, vol. 4859, pp. 268–281. Springer (2007)
  9. Filiol, E.: A new statistical testing for symmetric ciphers and hash functions. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS. LNCS, vol. 2513, pp. 342–353. Springer (2002)
  10. Fischer, S., Khazaei, S., Meier, W.: Chosen IV statistical analysis for key recovery attacks on stream ciphers. In: Vaudenay, S. (ed.) Progress in Cryptology - AFRICACRYPT 2008, First International Conference on Cryptology in Africa, Casablanca, Morocco, 11–14 June 2008. Proceedings. LNCS, vol. 5023, pp. 236–245. Springer (2008)
  11. Hell, M., Johansson, T., Maximov, A., Meier, W.: A stream cipher proposal: Grain-128. In: ISIT, pp. 1614–1618 (2006)
  12. Hell, M., Johansson, T., Meier, W.: Grain: a stream cipher for constrained environments. Int. J. Wireless and Mobile Computing 2(1), 86–93 (2007)
  13. Knellwolf, S., Meier, W., Naya-Plasencia, M.: Conditional differential cryptanalysis of NLFSR-based cryptosystems. In: Abe, M. (ed.) ASIACRYPT. LNCS, vol. 6477, pp. 130–145. Springer (2010)
  14. Knellwolf, S., Meier, W., Naya-Plasencia, M.: Conditional differential cryptanalysis of Trivium and KATAN. In: Miri, A., Vaudenay, S. (eds.) Selected Areas in Cryptography (2011)
  15. Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE. LNCS, vol. 1008, pp. 196–211. Springer (1994)
  16. Lai, X.: Higher order derivatives and differential cryptanalysis. In: Blahut, R.E., Costello, D.J., Maurer, U., Mittelholzer, T. (eds.) Communications and Cryptography: Two Sides of One Tapestry, pp. 227–233. Kluwer Academic Publishers (1994)
  17. Saarinen, M.J.O.: Chosen-IV statistical attacks on eSTREAM ciphers. In: Malek, M., Fernández-Medina, E., Hernando, J. (eds.) SECRYPT, pp. 260–266. INSTICC Press (2006)
  18. Stankovski, P.: Greedy distinguishers and nonrandomness detectors. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT. LNCS, vol. 6498, pp. 210–226. Springer (2010)
  19. Vielhaber, M.: Breaking ONE.FIVIUM by AIDA, an Algebraic IV Differential Attack. IACR Cryptology ePrint Archive 2007, 413 (2007)
  20. Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT. LNCS, vol. 3494, pp. 19–35. Springer (2005)
  21. Wu, H., Preneel, B.: Resynchronization attacks on WG and LEX. In: Robshaw, M.J.B. (ed.) FSE. LNCS, vol. 4047, pp. 422–432. Springer (2006)

Copyright information

© Springer Science + Business Media, LLC 2012

Authors and Affiliations

  1. ETH Zurich, Zurich, Switzerland
  2. FHNW, Windisch, Switzerland
