Sosemanuk, a Fast Software-Oriented Stream Cipher

  • Côme Berbain
  • Olivier Billet
  • Anne Canteaut
  • Nicolas Courtois
  • Henri Gilbert
  • Louis Goubin
  • Aline Gouget
  • Louis Granboulan
  • Cédric Lauradoux
  • Marine Minier
  • Thomas Pornin
  • Hervé Sibert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4986)

Abstract

Sosemanuk is a new synchronous software-oriented stream cipher, corresponding to Profile 1 of the ECRYPT call for stream cipher primitives. Its key length is variable between 128 and 256 bits. It accommodates a 128-bit initial value. Any key length is claimed to achieve 128-bit security. The Sosemanuk cipher uses both some basic design principles from the stream cipher SNOW 2.0 and some transformations derived from the block cipher SERPENT. Sosemanuk aims at improving SNOW 2.0 both from the security and from the efficiency points of view. Most notably, it uses a faster IV-setup procedure. It also requires a reduced amount of static data, yielding better performance on several architectures.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Ahmadi, H., Eghlidos, T., Khazaei, S.: Improved guess and determine attack on SOSEMANUK. eSTREAM, ECRYPT Stream Cipher Project, Report 2005/085 (2005), http://www.ecrypt.eu.org/stream
  2. 2.
    Babbage, S.: A space/time trade-off in exhaustive search attacks on stream ciphers. In: European Convention on Security and Detection, vol. 408. IEEE Conference Publication (1995)Google Scholar
  3. 3.
    Biham, E., Anderson, R., Knudsen, L.: SERPENT: A new block cipher proposal. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 222–238. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  4. 4.
    Billet, O., Gilbert, H.: Resistance of SNOW 2.0 against algebraic attacks. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 19–28. Springer, Heidelberg (2005)Google Scholar
  5. 5.
    Biryukov, A., Shamir, A.: Cryptanalytic time-memory-data trade-offs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–14. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. 6.
    Braeken, A., Semaev, I.: The ANF of the composition of × and + mod 2n with a Boolean function. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 112–125. Springer, Heidelberg (2005)Google Scholar
  7. 7.
    De Cannière, C.: estream optimized code HOWTO. eSTREAM, ECRYPT Stream Cipher Project (2005), http://www.ecrypt.eu.org/stream/perf/
  8. 8.
    De Cannière, C.: Software performance of the phase 3 candidates. eSTREAM, ECRYPT Stream Cipher Project (2007), http://www.ecrypt.eu.org/stream/phase3perf.html
  9. 9.
    De Cannière, C.: Guess and determine attack on SNOW - NESSIE public reports (2001), https://www.cosic.esat.kuleuven.ac.be/nessie/reports/
  10. 10.
    Coppersmith, D., Halevi, S., Jutla, C.: Cryptanalysis of stream ciphers with linear masking. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Ekdahl, P., Johannson, T.: Distinguishing attacks on SOBER. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 210–224. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Ekdahl, P., Johansson, T.: A new version of the stream cipher SNOW. In: Kuich, W., Rozenberg, G., Salomaa, A. (eds.) DLT 2001. LNCS, vol. 2295, pp. 47–61. Springer, Heidelberg (2002)Google Scholar
  13. 13.
  14. 14.
    Golić, J.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997)Google Scholar
  15. 15.
    Good, T., Benaissa, M.: Hardware results for selected stream cipher candidates. eSTREAM, ECRYPT Stream Cipher Project, SASC, Report 2007/023 (2007), http://www.ecrypt.eu.org/stream
  16. 16.
    Hawkes, P., Rose, G.: Guess-and-determine attacks on SNOW. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 37–46. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Hellman, M.E.: A cryptanalytic time-memory trade-off. IEEE Transactions on Information Theory 26(4), 401–406 (1980)MATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    Hong, J., Sarkar, P.: Rediscovery of time memory tradeoffs (2005), http://eprint.iacr.org/2005/090.ps
  19. 19.
    Howard, K.: Snow snake demonstration gives history lesson, http://www.turtletrack.org/Issues01/Co02102001/CO_02102001_Snowsnake.htm
  20. 20.
    Matsui, M., Fukuda, S.: How to maximize software performance of symmetric primitives on Pentiums. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 398–412. Springer, Heidelberg (2005)Google Scholar
  21. 21.
    Meier, W., Pasalic, E., Carlet, C.: Algebraic attacks and decomposition of Boolean functions. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 474–491. Springer, Heidelberg (2004)Google Scholar
  22. 22.
    Osvik, D.: Speeding up SERPENT. In: Second AES Candidate Conference (2000), http://www.ii.uib.no/~osvik/
  23. 23.
    Rueppel, R.A.: Analysis and Design of stream ciphers. Springer, Heidelberg (1986)MATHGoogle Scholar
  24. 24.
  25. 25.
    Tsunoo, Y., Saito, T., Shigeri, M., Suzaki, T., Ahmadi, H., Eghlidos, T., Khazaei, S.: Evaluation of SOSEMANUK with regard to guess-and-determine attacks. eSTREAM, ECRYPT Stream Cipher Project, Report 2006/009 (2005), http://www.ecrypt.eu.org/stream
  26. 26.
    Watanabe, D., Biryukov, A., De Cannière, C.: A distinguishing attack of SNOW 2.0 with linear masking method. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 222–233. Springer, Heidelberg (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Côme Berbain
    • 1
  • Olivier Billet
    • 1
  • Anne Canteaut
    • 2
  • Nicolas Courtois
    • 3
  • Henri Gilbert
    • 1
  • Louis Goubin
    • 4
  • Aline Gouget
    • 5
  • Louis Granboulan
    • 6
  • Cédric Lauradoux
    • 2
  • Marine Minier
    • 7
  • Thomas Pornin
    • 8
  • Hervé Sibert
    • 9
  1. 1.Orange LabsFrance
  2. 2.INRIA-Rocquencourt, projet CODESFrance
  3. 3.University College of LondonUK
  4. 4.Université de VersaillesFrance
  5. 5.GemaltoFrance
  6. 6.EADSFrance
  7. 7.INSA de LyonFrance
  8. 8.Cryptolog InternationalFrance
  9. 9.NXP SemiconductorsFrance

Personalised recommendations