Improved Linear Cryptanalysis of SOSEMANUK

  • Joo Yeon Cho
  • Miia Hermelin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5984)


The SOSEMANUK stream cipher is one of the finalists of the eSTREAM project. In this paper, we improve the linear cryptanalysis of SOSEMANUK presented in Asiacrypt 2008. We apply the generalized linear masking technique to SOSEMANUK and derive many linear approximations holding with the correlations of up to 2− 25.5. We show that the data complexity of the linear attack on SOSEMANUK can be reduced by a factor of 210 if multiple linear approximations are used. Since SOSEMANUK claims 128-bit security, our attack would not be a real threat on the security of SOSEMANUK.


Stream Ciphers Linear Cryptanalysis SOSEMANUK  SOBER-128 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, R., Biham, E., Knudsen, L.: Serpent: A proposal for the advanced encryption standard. In: First Advanced Encryption Standard (AES) conference (1998)Google Scholar
  2. 2.
    Babbage, S., Canniere, C.: The eSTREAM portfolio (2008),
  3. 3.
    Berbain, C., Billet, O., Canteaut, A., Courtois, N., Gilbert, H., Goubin, L., Gouget, A., Granboulan, L., Lauradoux, C., Minier, M., Pornin, T., Sibert, H.: SOSEMANUK: a fast software-oriented stream cipher, eSTREAM, ECRYPT Stream Cipher Project, Report 2005/027 (2005),
  4. 4.
    Berbain, C., Gilbert, H., Maximov, A.: Cryptanalysis of grain. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 15–29. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Cho, J., Pieprzyk, J.: Algebraic attacks on SOBER-t32 and SOBER-t16 without stuttering. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 49–64. Springer, Heidelberg (2004)Google Scholar
  6. 6.
    Cho, J., Pieprzyk, J.: Distinguishing attack on SOBER-128 with linear masking. In: Batten, L.M., Safavi-Naini, R. (eds.) ACISP 2006. LNCS, vol. 4058, pp. 29–39. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Coppersmith, D., Halevi, S., Jutla, C.: Cryptanalysis of stream ciphers with linear masking. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 515–532. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Ekdahl, P., Johansson, T.: A new version of the stream cipher SNOW. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 47–61. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Hawkes, P., Rose, G.: Primitive specification for SOBER-128, Cryptology ePrint Archive, Report 2003/081 (2003),
  10. 10.
    Lee, J., Lee, D., Park, S.: Cryptanalysis of SOSEMANUK and SNOW 2.0 using linear masks. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 524–538. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    NIST, Nist announces encryption standard finalists (1999),
  12. 12.
    ECRYPT NoE, eSTREAM - the ECRYPT stream cipher project (2005),
  13. 13.
    Nyberg, K.: Correlation theorems in cryptanalysis. Discrete Applied Mathematics 111, 177–188 (2001)zbMATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Nyberg, K., Wallen, J.: Improved linear distinguishers for SNOW 2.0. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 144–162. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Wallén, J.: Linear approximations of addition modulo 2n. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 261–273. Springer, Heidelberg (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Joo Yeon Cho
    • 1
  • Miia Hermelin
    • 1
  1. 1.Department of Information and Computer ScienceHelsinki University of TechnologyTKKFinland

Personalised recommendations