Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers

  • Alex Biryukov
  • Adi Shamir
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1976)


In 1980 Hellman introduced a general technique for breaking arbitrary block ciphers with N possible keys in time T and memory M related by the tradeoff curve TM2 = N2 for 1 ≤ T ≤ N. Recently, Babbage and Golic pointed out that a different TM = N tradeoff attack for 1 ≤ T ≤ D is applicable to stream ciphers, where D is the amount of output data available to the attacker. In this paper we show that a combination of the two approaches has an improved time/memory/data tradeoff for stream ciphers of the form TM 2 D 2 = N 2 for any D 2TN. In addition, we show that stream ciphers with low sampling resistance have tradeoff attacks with fewer table lookups and a wider choice of parameters.


Cryptanalysis stream ciphers time/memory tradeoff attacks 


  1. 1.
    D. Coppersmith, H. Krawczyk, Y. Mansour, The Shrinking Generator, Proceedings of Crypto’93, pp.22–39, Springer-Verlag, 1993.Google Scholar
  2. 2.
    S. Babbage, A Space/Time Tradeoff in Exhaustive Search Attacks on Stream Ciphers, European Convention on Security and Detection, IEE Conference Publication No. 408, May 1995.Google Scholar
  3. 3.
    A. Biryukov, A. Shamir, and D. Wagner, Real Time Cryptanalysis of A5/1 on a PC, Proceedings of Fast Software Encryption 2000.Google Scholar
  4. 4.
    J. Golic, Cryptanalysis of Alleged A5Str eam Cipher, Proceedings of Eurocrypt’97, LNCS 1233, pp. 239–255, Springer-Verlag 1997.Google Scholar
  5. 5.
    M. E. Hellman, A Cryptanalytic Time-Memory Trade-Off, IEEE Transactions on Information Theory, Vol. IT-26, N 4, pp.401–406, July 1980.CrossRefMathSciNetGoogle Scholar
  6. 6.
    W. Meier, O. Staffelbach, The Self-Shrinking Generator, Proceedings of Eurocrypt’94, pp.205–214, Springer-Verlag, 1994.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Alex Biryukov
    • 1
  • Adi Shamir
    • 1
  1. 1.Computer Science DepartmentThe Weizmann InstituteRehovotIsrael

Personalised recommendations