Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers
In 1980 Hellman introduced a general technique for breaking arbitrary block ciphers with $N$ possible keys in time $T$ and memory $M$ related by the tradeoff curve $TM^2 = N^2$ for $1 \le T \le N$. Recently, Babbage and Golic pointed out that a different $TM = N$ tradeoff attack for $1 \le T \le D$ is applicable to stream ciphers, where $D$ is the amount of output data available to the attacker. In this paper we show that a combination of the two approaches has an improved time/memory/data tradeoff for stream ciphers of the form $TM^2D^2 = N^2$ for any $D^2 \le T \le N$. In addition, we show that stream ciphers with low sampling resistance have tradeoff attacks with fewer table lookups and a wider choice of parameters.
Keywords: Cryptanalysis, stream ciphers, time/memory tradeoff attacks
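The Babbage and Golic $TM = N$ tradeoff named in the abstract, as an added example that is not code from the paper: M random states are tabulated by their output prefix, then each of the D windows of observed output costs one lookup. The toy 16-bit Galois LFSR, its tap mask and all function names are assumptions chosen for illustration, and the demo data is constructed.

```python
import random

N_BITS = 16        # toy state size (assumption): N = 2**16 states
TAPS = 0xB400      # maximal-length Galois LFSR tap mask (assumption)

def step(state):
    """Clock the toy generator once; return (next_state, output_bit)."""
    bit = state & 1
    state >>= 1
    if bit:
        state ^= TAPS
    return state, bit

def keystream(state, length):
    """Output bits produced starting from `state`."""
    bits = []
    for _ in range(length):
        state, bit = step(state)
        bits.append(bit)
    return bits

def pack(bits):
    """Pack a bit list into an int, first bit most significant."""
    value = 0
    for bit in bits:
        value = (value << 1) | bit
    return value

def build_table(m, rng):
    """Preprocessing: M random states keyed by their first log2(N) output bits."""
    states = rng.sample(range(1, 1 << N_BITS), m)
    return {pack(keystream(s, N_BITS)): s for s in states}

def recover_state(table, stream):
    """Online phase: one lookup per n-bit window of the observed data.
    Returns (offset, state_at_offset) for the first hit, else None."""
    for off in range(len(stream) - N_BITS + 1):
        state = table.get(pack(stream[off:off + N_BITS]))
        if state is not None:
            return off, state
    return None

def demo(m, d, seed=1):
    """Constructed data: D overlapping windows from a random secret state."""
    rng = random.Random(seed)
    table = build_table(m, rng)
    secret = rng.randrange(1, 1 << N_BITS)
    stream = keystream(secret, d + N_BITS - 1)
    return secret, stream, recover_state(table, stream)
```

Calling `demo(m=1 << 12, d=1 << 8)` uses $MD = 16N$ so that a table hit is near certain; on the curve itself ($MD = N$) a hit is expected but not guaranteed.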
- 1. D. Coppersmith, H. Krawczyk, Y. Mansour, The Shrinking Generator, Proceedings of Crypto’93, pp. 22–39, Springer-Verlag, 1993.
- 2. S. Babbage, A Space/Time Tradeoff in Exhaustive Search Attacks on Stream Ciphers, European Convention on Security and Detection, IEE Conference Publication No. 408, May 1995.
- 3. A. Biryukov, A. Shamir, and D. Wagner, Real Time Cryptanalysis of A5/1 on a PC, Proceedings of Fast Software Encryption 2000.
- 4. J. Golic, Cryptanalysis of Alleged A5 Stream Cipher, Proceedings of Eurocrypt’97, LNCS 1233, pp. 239–255, Springer-Verlag, 1997.
- 6. W. Meier, O. Staffelbach, The Self-Shrinking Generator, Proceedings of Eurocrypt’94, pp. 205–214, Springer-Verlag, 1994.