A New Attack on the LEX Stream Cipher
In , Biryukov presented a new methodology of stream cipher design, called leak extraction. The stream cipher LEX, based on this methodology and on the AES block cipher, was selected for phase 3 of the eSTREAM competition. The suggested methodology seemed promising, and LEX, due to its elegance, simplicity and performance, was expected to be selected for the eSTREAM portfolio.
In this paper we present a key recovery attack on LEX. The attack requires about 2^36.3 bytes of key-stream produced by the same key (possibly under many different IVs), and retrieves the secret key in time of 2^112 simple operations. Following a preliminary version of our attack, LEX was discarded from the final portfolio of eSTREAM.
Keywords: LEX, AES, stream cipher design
- 1. Babbage, S.H., Dodd, M.: Specification of the Stream Cipher Mickey 2.0, submitted to eSTREAM (2006), http://www.ecrypt.eu.org/stream/p3ciphers/mickey/mickey_p3.pdf
- 2. Babbage, S.H.: Improved “exhaustive search” attacks on stream ciphers. In: IEE European Convention on Security and Detection, IEE Conference publication, vol. 408, pp. 161–165. IEE (1995)
- 3. Bernstein, D.J.: Personal communication (2008)
- 7. Biryukov, A.: A New 128-bit Key Stream Cipher LEX, ECRYPT stream cipher project report 2005/013, http://www.ecrypt.eu.org/stream
- 8. Biryukov, A.: The Tweak for LEX-128, LEX-192, LEX-256, ECRYPT stream cipher project report 2006/037, http://www.ecrypt.eu.org/stream
- 13. Daemen, J., Rijmen, V.: AES Proposal: Rijndael, NIST AES proposal (1998)
- 16. ECRYPT, Call for Stream Cipher Primitives, version 1.3 (April 12, 2005), http://www.ecrypt.eu.org/stream/call/
- 17. Englund, H., Hell, M., Johansson, T.: A Note on Distinguishing Attacks. In: Preproceedings of State of the Art of Stream Ciphers workshop (SASC 2007), Bochum, Germany, pp. 73–78 (2007)
- 19. Goldreich, O., Levin, L.A.: A Hard-Core Predicate for all One-Way Functions. In: Proceedings of 21st STOC, pp. 25–32. ACM, New York (1989)
- 21. Håstad, J., Näslund, M.: BMGL: Synchronous Key-stream Generator with Provable Security. NESSIE project (submitted, 2000), http://www.nessie.eu.org
- 22. National Institute of Standards and Technology, Advanced Encryption Standard, Federal Information Processing Standards Publications No. 197 (2001)
- 23. Wu, H., Preneel, B.: Attacking the IV Setup of Stream Cipher LEX, ECRYPT stream cipher project report 2005/059, http://www.ecrypt.eu.org/stream