Improving the Performance of the SYND Stream Cipher

  • Mohammed Meziani
  • Gerhard Hoffmann
  • Pierre-Louis Cayrel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7374)


In 2007, Gaborit et al. proposed the stream cipher SYND as an improvement of the pseudo random number generator due to Fischer and Stern. This work shows how to improve considerably the efficiency the SYND cipher without using the so-called regular encoding and without compromising the security of the modified SYND stream cipher. Our proposal, called XSYND, uses a generic state transformation which is reducible to the Regular Syndrome Decoding problem (RSD), but has better computational characteristics than the regular encoding. A first implementation shows that XSYND runs much faster than SYND for a comparative security level (being more than three times faster for a security level of 128 bits, and more than 6 times faster for 400-bit security), though it is still only half as fast as AES in counter mode. Parallel computation may yet improve the speed of our proposal, and we leave it as future research to improve the efficiency of our implementation.


Stream ciphers Provable security Syndrome Decoding 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Overview of IEEE 802.11b Security. Intel Technology Journal Q2 (2000)Google Scholar
  3. 3.
    Specification of the Bluetooth system, vol. 1.1 (February 2001),
  4. 4.
    Alexi, W., Chor, B., Goldreich, O., Schnorr, C.P.: RSA and Rabin functions: certain parts are as hard as the whole. SIAM J. Comput. 17(2), 194–209 (1988)MathSciNetMATHCrossRefGoogle Scholar
  5. 5.
    Augot, D., Finiasz, M., Sendrier, N.: A Family of Fast Syndrome Based Cryptographic Hash Functions. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 64–83. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Bellare, M., Goldreich, O., Goldwasser, S.: Incremental Cryptography: The Case of Hashing and Signing. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 216–233. Springer, Heidelberg (1994)Google Scholar
  7. 7.
    Bellare, M., Goldreich, O., Goldwasser, S.: Incremental cryptography and application to virus protection. In: Proceedings of the Twenty-Seventh Annual ACM Symposium on Theory of Computing, STOC 1995, pp. 45–56. ACM (1995)Google Scholar
  8. 8.
    Bellare, M., Micciancio, D.: A New Paradigm for Collision-Free Hashing: Incrementality at Reduced Cost. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 163–192. Springer, Heidelberg (1997)Google Scholar
  9. 9.
    Berbain, C., Gilbert, H., Patarin, J.: QUAD: A multivariate stream cipher with provable security. J. Symb. Comput. 44(12), 1703–1723 (2009)MathSciNetMATHCrossRefGoogle Scholar
  10. 10.
    Berlekamp, E., McEliece, R., van Tilborg, H.: On the inherent intractability of certain coding problems. IEEE Transactions on Information Theory 24(2), 384–386 (1978)MATHCrossRefGoogle Scholar
  11. 11.
    Bernstein, D.J.: Better price-performance ratios for generalized birthday attacks. In: Workshop Record of SHARCS 2007: Special-purpose Hardware for Attacking Cryptographic Systems (2007)Google Scholar
  12. 12.
    Bernstein, D.J., Lange, T., Peters, C., Schwabe, P.: Really Fast Syndrome-Based Hashing. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 134–152. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  13. 13.
    Blum, L., Blum, M., Shub, M.: A simple unpredictable pseudo random number generator. SIAM J. Comput. 15(2), 364–383 (1986)MathSciNetMATHCrossRefGoogle Scholar
  14. 14.
    Blum, M., Micali, S.: How to generate cryptographically strong sequences of pseudo-random bits. SIAM J. Comput. 13(4), 850–864 (1984)MathSciNetMATHCrossRefGoogle Scholar
  15. 15.
    Finiasz, M., Sendrier, N.: Security Bounds for the Design of Code-Based Cryptosystems. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 88–105. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  16. 16.
    Fischer, J.-B., Stern, J.: An Efficient Pseudo-random Generator Provably as Secure as Syndrome Decoding. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 245–255. Springer, Heidelberg (1996)Google Scholar
  17. 17.
    Gaborit, P., Zémor, G.: Asymptotic improvement of the Gilbert-Varshamov bound for linear codes, vol. abs/0708.4164 (2007)Google Scholar
  18. 18.
    Gaborit, P., Laudaroux, C., Sendrier, N.: SYND: a very fast code-based cipher stream with a security reduction. In: IEEE Conference, ISIT 2007, Nice, France, pp. 186–190 (July 2007)Google Scholar
  19. 19.
    Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: STOC 1989: Proc. of the Twenty-First Annual ACM Symposium on Theory of Computing, pp. 25–32. ACM (1989)Google Scholar
  20. 20.
    Golić, J.D.: Cryptanalysis of Alleged A5 Stream Cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997)Google Scholar
  21. 21.
    Hellman, M.: A cryptanalytic time-memory trade-off. IEEE Transactions on Information Theory 26, 401–406 (1980)MathSciNetMATHCrossRefGoogle Scholar
  22. 22.
    Hong, J., Sarkar, P.: Rediscovery of time memory tradeoffs. Cryptology ePrint Archive, Report 2005/090 (2005),
  23. 23.
    Impagliazzo, R., Naor, M.: Efficient cryptographic schemes provably as secure as subset sum. J. Cryptology 9(4), 199–216 (1996)MathSciNetMATHCrossRefGoogle Scholar
  24. 24.
    Kaliski, B.S.: Elliptic Curves and Cryptography: A Pseudorandom Bit Generator and Other Tools. Phd thesis. MIT, Cambridge, MA, USA (1988)Google Scholar
  25. 25.
    Käsper, E., Schwabe, P.: Faster and Timing-Attack Resistant AES-GCM. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 1–17. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  26. 26.
    May, A., Meurer, A., Thomae, E.: Decoding Random Linear Codes in \(\tilde{\mathcal{O}}(2^{0.054n})\). In: Lee, D.H. (ed.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 107–124. Springer, Heidelberg (2011)Google Scholar
  27. 27.
    Meziani, M., Cayrel, P.-L., El Yousfi Alaoui, S.M.: 2SC: An Efficient Code-Based Stream Cipher. In: Kim, T.-H., Adeli, H., Robles, R.J., Balitanas, M. (eds.) ISA 2011. CCIS, vol. 200, pp. 111–122. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  28. 28.
    Minder, L., Sinclair, A.: The extended k-tree algorithm. In: Proc. of the Twentieth Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2009, pp. 586–595 (2009)Google Scholar
  29. 29.
    Niebuhr, R., Cayrel, P.-L., Buchmann, J.: Improving the Efficiency of Generalized Birthday Attacks Against Certain Structured Cryptosystems. In: WCC 2011. LNCS, pp. 163–172. Springer, Heidelberg (2011)Google Scholar
  30. 30.
    Saarinen, M.-J.O.: Linearization Attacks Against Syndrome Based Hashes. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 1–9. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  31. 31.
    Shor, P.W.: Algorithms for Quantum Computation: Discrete Logarithms and Factoring. In: SFCS 1994: Proc. of the 35th Annual Symposium on Foundations of Computer Science, pp. 124–134. IEEE Computer Society (1994)Google Scholar
  32. 32.
    Håstad, J., Näslund, M.: BMGL: Synchronous key-stream generator with provable security (2001)Google Scholar
  33. 33.
    Wagner, D.: A Generalized Birthday Problem (Extended Abstract). In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–304. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Mohammed Meziani
    • 1
  • Gerhard Hoffmann
    • 2
  • Pierre-Louis Cayrel
    • 3
  1. 1.CASED – Center for Advanced Security Research DarmstadtDarmstadtGermany
  2. 2.Fachbereich Informatik, Kryptographie und ComputeralgebraTechnische Universität DarmstadtDarmstadtGermany
  3. 3.Laboratoire Hubert CurienUMR CNRS 5516Saint-EtienneFrance

Personalised recommendations