Cryptanalysis of the F-FCSR Stream Cipher Family
This paper focuses on F-FCSR, a new family of stream ciphers proposed by Arnault and Berger at FSE 2005. It uses a non-linear primitive, the Feedback with Carry Shift Register (FCSR), as a building block; its security relies on some properties of the 2-adic numbers. The F-FCSR family contains several stream ciphers, each offering different features.
First, we show a resynchronization attack that breaks algorithms in the family that support initialization vectors. The attack requires at most 2^16 chosen IVs and a little offline processing to recover the full secret key. We have implemented it with success on a standard PC.
Secondly, we show a time/memory/data trade-off attack which breaks several algorithms in the F-FCSR family, even when initialization vectors are not supported. Its complexity ranges from 2^64 to 2^80 operations (depending on which algorithm in the family we consider), while the internal state has size 196 bits at least. Therefore this attack is better than generic attacks.
Keywords: FCSR; time/memory/data trade-off; stream cipher; resynchronization attack
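As an added illustration of the FCSR primitive and the 2-adic property the abstract refers to (this is not code from the paper or from the F-FCSR ciphers themselves), here is a Fibonacci FCSR in the Klapper-Goresky model, checked against the 2-adic expansion of the rational p/q that its output is guaranteed to equal; the connection integer 37, the initial state and the carry value are constructed toy parameters.

```python
# Added example (not from the paper): a Fibonacci FCSR in the Klapper-Goresky model, whose
# output is provably the 2-adic expansion of a rational p/q; q is the connection integer.

def fcsr_taps(q):
    """[q_0, q_1, ..., q_r] with q_0 = -1, from q = -1 + q_1*2 + ... + q_r*2^r (q odd)."""
    t = q + 1                                   # = sum_{i>=1} q_i 2^i, so q_i = bit i of t
    r = t.bit_length() - 1
    return [-1] + [(t >> i) & 1 for i in range(1, r + 1)]

def fcsr_sequence(q, init_bits, mem, n):
    """First n output bits a_0, a_1, ... from register [a_0..a_{r-1}] and carry mem."""
    taps = fcsr_taps(q)
    r = len(taps) - 1
    assert len(init_bits) == r
    a, m = list(init_bits), mem
    while len(a) < n:
        k = len(a)
        sigma = m + sum(taps[i] * a[k - i] for i in range(1, r + 1))  # integer sum
        a.append(sigma & 1)                     # new register bit = sigma mod 2
        m = sigma >> 1                          # carry = floor(sigma / 2), may exceed 1
    return a[:n]

def fcsr_numerator(q, init_bits, mem):
    """p such that the output above is the 2-adic expansion of p/q."""
    taps = fcsr_taps(q)
    r = len(taps) - 1
    p = sum(taps[i] * init_bits[k - i] * (1 << k) for k in range(r) for i in range(k + 1))
    return p - (mem << r)

def two_adic_expansion(p, q, n):
    """First n bits of p/q in Z_2 (q odd, hence a 2-adic unit); works for negative p."""
    bits = []
    for _ in range(n):
        b = p & 1                               # p * q^{-1} mod 2 equals p mod 2 for odd q
        bits.append(b)
        p = (p - b * q) // 2                    # exact: p - b*q is even
    return bits

def period(seq):
    """Least T with seq[i] == seq[i+T] over the whole window (seq assumed periodic)."""
    return next(T for T in range(1, len(seq))
                if all(seq[i] == seq[i + T] for i in range(len(seq) - T)))

if __name__ == "__main__":
    q, state, mem = 37, [0, 0, 0, 0, 0], 1      # constructed toy parameters, r = 5
    out = fcsr_sequence(q, state, mem, 200)
    p = fcsr_numerator(q, state, mem)           # -32 for this state
    assert out == two_adic_expansion(p, q, 200)
    # 2 is a primitive root mod 37 and -q < p < 0, so the period is q - 1 (an l-sequence)
    print("p =", p, "period =", period(out))    # p = -32 period = 36
```

The algebraic structure shown here (keystream = 2-adic expansion of a rational with a small denominator) is exactly what 2-adic rational approximation exploits, which is why F-FCSR adds an output filter on top of the raw register.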