
Two Trivial Attacks on Trivium

  • Alexander Maximov
  • Alex Biryukov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4876)

Abstract

Trivium is a stream cipher designed in 2005 by C. De Cannière and B. Preneel for the European eSTREAM project. It has a 288-bit internal state and an 80-bit key. Although the design has a simple and elegant structure, no attack on it has been found yet.

In this paper a family of Trivium-like designs is studied. We propose a set of techniques for methodological cryptanalysis of these structures in general, including state-recovering and linear distinguishing attacks. In particular, we study the original Trivium and present a state-recovering attack with time complexity around c·2^83.5, which is 2^30 faster than the best previous result. Our attack clearly shows that Trivium has a very thin safety margin and that in its current form it cannot be used with longer 128-bit keys.

Finally, we identify interesting open problems and propose a new design, Trivium/128, which resists all of the attacks proposed in this paper. Due to its improved security level it also accepts a 128-bit secret key.
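To make the structure discussed in the abstract concrete, the following bit-level Python implementation of Trivium is added here; it is not the authors' code and not the eSTREAM reference implementation, but is written from the published specification. The 288-bit state is three shift registers of 93, 84 and 111 bits, loaded with the 80-bit key and 80-bit IV and clocked 4·288 times before any output. An inverse clock is included because it shows why a state-recovering attack on Trivium is a key-recovering attack: the state update is a bijection, so a state recovered at any output position can be run backwards through the warm-up to the loaded key and IV. The byte-to-bit packing (least significant bit of byte 0 first) and the hypothetical sample key and IV are assumptions of this example; the packing must match whatever reference vectors are used before comparing output, and no known-answer value is asserted here because the page gives none.

```python
"""Bit-level Trivium with an inverse clock (added example, not the paper's code).

Indices follow the specification s1..s288, shifted to 0-based Python indices.
"""

WARMUP = 4 * 288  # 1152 clocks whose output is discarded before keystream starts


def bits_from_bytes(data: bytes) -> list:
    # ASSUMPTION: the least significant bit of byte 0 is the first bit of the
    # stream. This must match the convention of any test vectors compared against.
    return [(b >> i) & 1 for b in data for i in range(8)]


def bytes_from_bits(bits) -> bytes:
    out = bytearray(len(bits) // 8)
    for i, bit in enumerate(bits):
        out[i // 8] |= bit << (i % 8)
    return bytes(out)


def load_state(key: bytes, iv: bytes) -> list:
    """State as loaded before warm-up: s1..s80 <- K, s94..s173 <- IV, s286..s288 <- 1."""
    if len(key) != 10 or len(iv) != 10:
        raise ValueError("Trivium takes an 80-bit key and an 80-bit IV")
    s = [0] * 288
    s[0:80] = bits_from_bytes(key)
    s[93:173] = bits_from_bytes(iv)
    s[285:288] = [1, 1, 1]
    return s


def clock(s: list) -> int:
    """One Trivium step in place; returns the output bit z."""
    t1 = s[65] ^ s[92]    # s66 + s93
    t2 = s[161] ^ s[176]  # s162 + s177
    t3 = s[242] ^ s[287]  # s243 + s288
    z = t1 ^ t2 ^ t3
    t1 ^= (s[90] & s[91]) ^ s[170]    # + s91*s92 + s171
    t2 ^= (s[174] & s[175]) ^ s[263]  # + s175*s176 + s264
    t3 ^= (s[285] & s[286]) ^ s[68]   # + s286*s287 + s69
    s[1:93] = s[0:92]        # register A (93 bits) <- (t3, s1..s92)
    s[0] = t3
    s[94:177] = s[93:176]    # register B (84 bits) <- (t1, s94..s176)
    s[93] = t1
    s[178:288] = s[177:287]  # register C (111 bits) <- (t2, s178..s287)
    s[177] = t2
    return z


def unclock(s: list) -> None:
    """Inverse of clock(): the update is a bijection, so the previous state is unique."""
    t3, t1, t2 = s[0], s[93], s[177]  # the three bits that were shifted in
    s[0:92] = s[1:93]        # shift each register back; the bit shifted out of
    s[93:176] = s[94:177]    # each register (old s93, s177, s288) is, for the
    s[177:287] = s[178:288]  # moment, unknown ...
    # ... but it is the only unknown in the feedback equation that produced t1/t2/t3.
    s[92] = t1 ^ s[65] ^ (s[90] & s[91]) ^ s[170]
    s[176] = t2 ^ s[161] ^ (s[174] & s[175]) ^ s[263]
    s[287] = t3 ^ s[242] ^ (s[285] & s[286]) ^ s[68]


def initialize(key: bytes, iv: bytes) -> list:
    """State after the 1152 warm-up clocks, i.e. just before the first output bit."""
    s = load_state(key, iv)
    for _ in range(WARMUP):
        clock(s)
    return s


def keystream_bits(key: bytes, iv: bytes, n: int) -> list:
    s = initialize(key, iv)
    return [clock(s) for _ in range(n)]


def keystream(key: bytes, iv: bytes, nbytes: int) -> bytes:
    return bytes_from_bits(keystream_bits(key, iv, 8 * nbytes))


def xor_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR; reusing (key, IV) leaks m1 XOR m2."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, iv, len(data))))


def recover_key_iv(state: list, bits_output: int = 0) -> tuple:
    """Rewind a recovered internal state (taken after `bits_output` keystream bits)
    through the warm-up to the loaded key and IV. The fixed padding pattern of the
    loaded state is checked, so a wrong guess of the output position is detected."""
    s = list(state)
    for _ in range(WARMUP + bits_output):
        unclock(s)
    if any(s[80:93]) or any(s[173:285]) or s[285:288] != [1, 1, 1]:
        raise ValueError("rewound state does not match Trivium's loading pattern")
    return bytes_from_bits(s[0:80]), bytes_from_bits(s[93:173])


if __name__ == "__main__":
    # Hypothetical sample key and IV, constructed for this example.
    key, iv = bytes(range(1, 11)), bytes(range(11, 21))
    st = initialize(key, iv)
    ks = [clock(st) for _ in range(64)]
    print("keystream bits:", "".join(map(str, ks)))
    print("recovered from state:", recover_key_iv(st, bits_output=64))
```

The rewind is the practical consequence of the 288-bit state the abstract mentions: the attack's cost of roughly c·2^83.5 is the cost of finding that state, and once it is known nothing further is needed to obtain the key.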



Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Alexander Maximov (1)
  • Alex Biryukov (1)
  1. Laboratory of Algorithmics, Cryptology and Security, University of Luxembourg, 6, rue Richard Coudenhove-Kalergi, L-1359 Luxembourg
