Correlated Keystreams in Moustique
Moustique is one of the sixteen finalists in the eSTREAM stream cipher project. Unlike the other finalists, it is a self-synchronising cipher and therefore offers very different functional properties from the other candidates. We present simple related-key phenomena in Moustique that lead to the generation of strongly correlated keystreams and to powerful key-recovery attacks. Our best key-recovery attack requires only 2^38 steps in the related-key scenario. Since the relevance of related-key properties is sometimes called into question, we also show how the described effects can help speed up exhaustive search (without related keys), thereby reducing the effective key length of Moustique from 96 bits to 90 bits.
Keywords: eSTREAM, Moustique, related keys