A fault attack is a powerful cryptanalytic tool which can be applied to many types of cryptosystems which are not vulnerable to direct attacks. The research literature contains many examples of fault attacks on public key cryptosystems and block ciphers, but surprisingly we could not find any systematic study of the applicability of fault attacks to stream ciphers. Our goal in this paper is to develop general techniques which can be used to attack the standard constructions of stream ciphers based on LFSR’s, as well as more specialized techniques which can be used against specific stream ciphers such as RC4, LILI-128 and SOBER-t32. While most of the schemes can be successfully attacked, we point out several interesting open problems such as an attack on FSM filtered constructions and the analysis of high Hamming weight faults in LFSR’s.


Stream cipher LFSR fault attack Lili-128 SOBER-t32 RC4 


  1. 1.
    Anderson, R.: Optical Fault Induction (June 2002)Google Scholar
  2. 2.
    Boneh, Demillo, Lipton: On the Importance of Checking Cryptographic Prtocols for Faults (September 1996)Google Scholar
  3. 3.
    Biham, Shamir: A New Cryptanalytic Attack on DES: Differential Fault Analysis (October 1996) Google Scholar
  4. 4.
    Dawson, E., Clark, A., Golic, J., Millan, W., Penna, L., Simpson, L.: The LILI-128 Keystream Generator (November 2000)Google Scholar
  5. 5.
    Halevi, S., Coppersmith, D., Jutla, C.: Scream an efficient stream cipher (June 2002)Google Scholar
  6. 6.
    Coppersmith, D., Krawczyk, H., Mansour, Y.: The shrinking generator. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 22–39. Springer, Heidelberg (1994)Google Scholar
  7. 7.
    Hawks, P., Rose, G.G.: Primitive Specification and Supporting Documentation for SOBER-t32 Submission to NESSIE (June 2003)Google Scholar
  8. 8.
    Mantin, I., Shamir, A.: A Practical Attack on Broadcast RC4. FSE 2001Google Scholar
  9. 9.
    Golic, J.D., Morgari, G.: On the Resynchronization Attack. FSE 2003Google Scholar
  10. 10.
    Golic, J.D., Morgari, G.: Correlation Analysis of the Alternating Step Generator. Designs, Codes and Cryptography 31, 51–74 (2004)zbMATHCrossRefGoogle Scholar
  11. 11.
    Dubuc, S.: Characterization of linear structures. Designs, Codes and Cryptography 22, 33–45 (2001)zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    Courtois, N., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Eurocrypt 2003 (2003)Google Scholar
  13. 13.
    Babbage, S.: Cryptanalysis of LILI-128. In: Proceedings of the 2nd NESSIE Workshop (2001)Google Scholar
  14. 14.
    Babbage, S., De Cannière, C., Lano, J., Preneel, B., Vandewalle, J.: Cryptanalysis of SOBER-t32. In: FSE 2003 (2003)Google Scholar
  15. 15.
    Cho, J.Y., Pieprzyk, J.: Algebraic Attacks on SOBER-t32 and SOBER- 128. In: FSE 2004Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Jonathan J. Hoch
    • 1
  • Adi Shamir
    • 1
  1. 1.Department of Computer Science and Applied MathematicsThe Weizmann Institute of ScienceIsrael

Personalised recommendations