Cryptanalysis of the F-FCSR Stream Cipher Family

  • Éliane Jaulmes
  • Frédéric Muller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3897)


This paper focuses on F-FCSR, a new family of stream ciphers proposed by Arnault and Berger at FSE 2005. It uses a non-linear primitive called the Feedback with Carry Shift Register (FCSR) as a building block. Its security relies on some properties of the 2-adic numbers. The F-FCSR family contains several stream ciphers, each of them proposing different features.

First, we show a resynchronization attack that breaks algorithms in the family that support initialization vectors. The attack requires at most 216 chosen IV’s and a little offline processing to recover the full secret key. We have implemented it with success on a standard PC.

Secondly, we show a time/memory/data trade-off attack which breaks several algorithms in the F-FCSR family, even when initialization vectors are not supported. Its complexity ranges from 264 to 280 operations (depending on which algorithm in the family we consider), while the internal state has size 196 bits at least. Therefore this attack is better than generic attacks.


FCSR Time/memory/data trade-off stream cipher resynchronization attack 


  1. 1.
    Armknecht, F., Lano, J., Preneel, B.: Extending the Resynchronization Attack. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 19–38. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Arnault, F., Berger, T.: A new class of stream ciphers combining LFSR and FCSR architectures. In: Menezes, A., Sarkar, P. (eds.) INDOCRYPT 2002. LNCS, vol. 2551, pp. 22–33. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  3. 3.
    Arnault, F., Berger, T.: F-FCSR: design of a new class of stream ciphers. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 83–97. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Arnault, F., Berger, T., Lauradoux, C.: Description of F-FCSR-8 and F-FCSR-H stream Ciphers. eSTREAM, ECRYPT Stream Cipher Project, Report 2005/008 (2005),
  5. 5.
    Babbage, S.: A Space/Time Tradeoff in Exhaustive Search Attacks on Stream Ciphers. In: European Convention on Security and Detection, vol. 408. IEE Conference Publication (May 1995)Google Scholar
  6. 6.
    Barkan, E., Biham, E., Keller, N.: Instant ciphertext-only cryptanalysis of GSM encrypted communication. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 600–616. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Biryukov, A., Shamir, A.: Cryptanalytic time/Memory/Data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Courtois, N., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Daemen, J., Govaerts, R., Vandewalle, J.: Resynchronization weaknesses in synchronous stream ciphers. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 159–167. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  10. 10.
    ECRYPT Network of Excellence in Cryptology,
  11. 11.
    eSTREAM - The ECRYPT Stream Cipher Project,
  12. 12.
    Golić, J.D.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  13. 13.
    Golić, J., Morgari, G.: On the Resynchronization Attack. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 100–110. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Hellman, M.: A Cryptanalytic Time-Memory Tradeoff. IEEE Transactions on Information Theory 26(4), 401–406 (1980)MathSciNetCrossRefMATHGoogle Scholar
  15. 15.
    Jaulmes, E., Muller, F.: Cryptanalysis of ECRYPT Candidates F-FCSR-8 and F-FCSR-H. eSTREAM, ECRYPT Stream Cipher Project, Report 2005/046 (2005),
  16. 16.
    Klapper, A., Goresky, M.: 2-adic shift registers. In: Anderson, R. (ed.) FSE 1993. LNCS, vol. 809, pp. 174–178. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  17. 17.
    Klapper, A., Goresky, M.: Cryptanalysis based on 2-adic rational approximation. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 262–273. Springer, Heidelberg (1995)Google Scholar
  18. 18.
    Mantin, I., Shamir, A.: A Practical Attack on Broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  19. 19.
    Meier, W., Staffelbach, O.: Fast Correlations Attacks on Certain Stream Ciphers. Journal of Cryptology, 159–176 (1989)Google Scholar
  20. 20.
    Siegenthaler, T.: Correlation-immunity of Nonlinear Combining Functions for Cryptographic Applications. IEEE Transactions on Information Theory 30, 776–780 (1984)MathSciNetCrossRefMATHGoogle Scholar
  21. 21.
    Zhang, B., Wu, H., Feng, D., Bao, F.: Chosen Ciphertext Attack on a New Class of Self-Synchronizing Stream Ciphers. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 73–83. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Éliane Jaulmes
    • 1
  • Frédéric Muller
    • 1
  1. 1.DCSSI Crypto LabParis-07 SPFrance

Personalised recommendations