Cryptanalysis of Sosemanuk and SNOW 2.0 Using Linear Masks

  • Jung-Keun Lee
  • Dong Hoon Lee
  • Sangwoo Park
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5350)

Abstract

In this paper, we present a correlation attack on Sosemanuk with complexity less than 2^150. Sosemanuk is a software-oriented stream cipher proposed by Berbain et al. to the eSTREAM call for stream ciphers and has been selected for the final portfolio. Sosemanuk consists of a linear feedback shift register (LFSR) of ten 32-bit words and a finite state machine (FSM) of two 32-bit words. By combining linear approximation relations for the FSM update function, the FSM output function and the keystream output function, it is possible to derive linear approximation relations with correlation -2^(-21.41) that involve only the keystream words and the LFSR initial state. Using such linear approximation relations, we mount a correlation attack with complexity 2^147.88 and success probability 99% that recovers the 384-bit initial internal state. We also mount a correlation attack on SNOW 2.0 with complexity 2^204.38.
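As an added worked example, not code from the paper or from the Sosemanuk or SNOW 2.0 designers, the following Python shows the two building blocks the abstract relies on: the correlation of a linear-mask approximation (here of modular addition, the FSM component both ciphers share, measured exactly on 8-bit words and by sampling on 32-bit words), and the piling-up lemma that multiplies the correlations of chained approximations. The masks and the three chained correlations are hypothetical choices for illustration; the final function gives only the usual 1/c^2 data estimate for a distinguisher, not the paper's state-recovery cost.

```python
import math
import random

MASK32 = 0xFFFFFFFF


def parity(x):
    """Parity of the bits of x; parity(mask & x) is the linear form mask.x over GF(2)."""
    return bin(x).count("1") & 1


def exact_add_correlation(gamma_a, gamma_b, gamma_s, n_bits=8):
    """Correlation c = 2*Pr[gamma_a.a ^ gamma_b.b == gamma_s.(a + b mod 2^n)] - 1
    of a linear approximation of n-bit modular addition, computed exactly by
    enumerating every (a, b) pair (8 bits means 65536 pairs, so keep n_bits small)."""
    mod = (1 << n_bits) - 1
    total = 1 << (2 * n_bits)
    agree = 0
    for a in range(1 << n_bits):
        for b in range(1 << n_bits):
            lhs = parity(gamma_a & a) ^ parity(gamma_b & b)
            rhs = parity(gamma_s & ((a + b) & mod))
            agree += lhs == rhs
    return (2 * agree - total) / total


def sampled_add_correlation(gamma_a, gamma_b, gamma_s, samples=20000, seed=1):
    """Monte Carlo estimate of the same correlation for 32-bit addition, where
    exhaustive enumeration is out of reach. The standard error of the estimate
    is at most about 1/sqrt(samples). Inputs are random words from a seeded PRNG."""
    rng = random.Random(seed)
    agree = 0
    for _ in range(samples):
        a = rng.getrandbits(32)
        b = rng.getrandbits(32)
        lhs = parity(gamma_a & a) ^ parity(gamma_b & b)
        rhs = parity(gamma_s & ((a + b) & MASK32))
        agree += lhs == rhs
    return (2 * agree - samples) / samples


def combined_correlation(correlations):
    """Piling-up lemma: XOR-ing independent approximations multiplies their
    correlations, so both the magnitude and the sign of the total are products."""
    c = 1.0
    for ci in correlations:
        c *= ci
    return c


def distinguisher_samples_log2(c):
    """log2 of the roughly 1/c^2 keystream relations needed to detect correlation c.
    This is the distinguisher rule of thumb, not a state-recovery complexity."""
    return -2 * math.log2(abs(c))


if __name__ == "__main__":
    # Bit 0 of a sum has no carry in, so the LSB approximation holds always (c = 1).
    print(exact_add_correlation(0x1, 0x1, 0x1))
    # Bit 1 absorbs the carry a0 & b0, which is set with probability 1/4, so c = 1/2.
    print(exact_add_correlation(0x2, 0x2, 0x2))
    print(sampled_add_correlation(0x2, 0x2, 0x2))
    # Hypothetical chain of three component approximations: 2^-3 * -2^-5 * 2^-4 = -2^-12.
    print(combined_correlation([2 ** -3, -(2 ** -5), 2 ** -4]))
    # The abstract's correlation of -2^(-21.41) would need about 2^42.82 relations to distinguish.
    print(distinguisher_samples_log2(-(2 ** -21.41)))
```

The sign convention matches the abstract: a negative correlation means the relation fails more often than it holds, and the sign survives piling-up, which is why the paper reports the combined correlation as -2^(-21.41) rather than as an absolute bias.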


Keywords: stream cipher, Sosemanuk, SNOW 2.0, correlation attack, linear mask


References

  1. Anderson, R., Biham, E., Knudsen, L.: Serpent: A Proposal for the Advanced Encryption Standard,
  2. Babbage, S., et al.: The eSTREAM Portfolio (April 15, 2008),
  3. Berbain, C., Billet, O., Canteaut, A., Courtois, N., Gilbert, H., Goubin, L., Gouget, A., Granboulan, L., Lauradoux, C., Minier, M., Pornin, T., Sibert, H.: SOSEMANUK, a fast software-oriented stream cipher. eSTREAM Report 2005/027 (2005)
  4. Berbain, C., Gilbert, H., Maximov, A.: Cryptanalysis of Grain. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 15–29. Springer, Heidelberg (2006)
  5. Bernstein, D.: Which eSTREAM ciphers have been broken? eSTREAM Report 2008/010 (2008)
  6. Chepyzhov, V., Johansson, T., Smeets, B.: A Simple Algorithm for Fast Correlation Attacks on Stream Ciphers. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 181–195. Springer, Heidelberg (2001)
  7. Cho, J., Pieprzyk, J.: Crossword Puzzle Attack on NLS. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 249–265. Springer, Heidelberg (2007)
  8. Cho, J.: An Improved Estimate of the Correlation of Distinguisher for Dragon. In: Workshop Record of The State of the Art of Stream Ciphers (SASC 2008), pp. 11–20 (2008)
  9. Coppersmith, D., Halevi, S., Jutla, C.: Cryptanalysis of stream ciphers with linear masking. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 515–532. Springer, Heidelberg (2002)
  10. Ekdahl, P., Johansson, T.: SNOW - a new stream cipher,
  11. Ekdahl, P., Johansson, T.: A new version of the stream cipher SNOW. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 47–61. Springer, Heidelberg (2003)
  12. Golić, J., Bagini, V., Morgari, G.: Linear Cryptanalysis of Bluetooth Stream Cipher. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 238–255. Springer, Heidelberg (2002)
  13. Nyberg, K.: Correlation theorems in cryptanalysis. Discrete Applied Mathematics 111, 177–188 (2001)
  14. Nyberg, K., Wallén, J.: Improved Linear Distinguishers for SNOW 2.0. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 144–162. Springer, Heidelberg (2006)
  15. Watanabe, D., Biryukov, A., De Cannière, C.: A Distinguishing Attack of SNOW 2.0 with Linear Masking Method. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 222–233. Springer, Heidelberg (2004)

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Jung-Keun Lee (1)
  • Dong Hoon Lee (1)
  • Sangwoo Park (1)
  1. ETRI Network & Communication Security Division, Daejeon, Korea
