Mixing Property Tester: A General Framework for Evaluating the Mixing Properties of Initialization of Stream Ciphers
In this paper, a general framework for evaluating the mixing properties of the initialization of stream ciphers, called the Mixing Property Tester (MPT), is presented and formalized. Based on this framework, we propose a concrete and efficient algorithm that computes the maximum number of initialization rounds of a given stream cipher such that some internal state bit or generated keystream bit does not achieve full mixing properties. Our algorithm has linear time complexity and needs a negligible amount of memory. As illustrations, we apply our algorithm to the ZUC-128, ZUC-256 and Trivium stream ciphers. The results show that, although ZUC-256 has a much larger initial input size than ZUC-128, its mixing properties are almost as good as those of ZUC-128. For Trivium, the tap positions of the keystream output function are not chosen optimally with respect to this tester, and we provide some better selections of tap positions. As a general cryptanalytic tool, MPT can give designers more insight when choosing the initialization functions and the required number of initialization rounds.
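As an added illustration (not the paper's MPT algorithm, which the abstract does not detail), the following Python script runs a simplified, dependency-based mixing check over Trivium's initialization: for every state cell it propagates the set of key/IV bits the cell depends on, using the tap positions of the public Trivium specification, and reports the last initialization round at which the keystream bit still misses some key or IV bit. Dependency on every input bit is only a necessary condition for full mixing, so the round count is a lower bound on what a tester that tracks algebraic structure would report.

```python
# Added example, not the paper's MPT. Each of Trivium's 288 state cells
# carries a bitmask of the 160 key/IV bits it depends on (bit i = key bit
# i+1, bit 80+i = IV bit i+1). XOR and AND both become OR on masks, so a
# mask is the set of inputs that can influence the cell. "Full mixing" is
# approximated by "depends on every key and IV bit" (necessary, not
# sufficient). Tap positions follow the public Trivium specification.

KEY_BITS = IV_BITS = 80
ALL_INPUT = (1 << (KEY_BITS + IV_BITS)) - 1
INIT_ROUNDS = 1152  # Trivium's specified number of initialization clocks

def initial_masks():
    """Dependency masks after loading: key in s1..s80, IV in s94..s173."""
    s = [0] * 288                       # index i holds cell s_{i+1}
    for i in range(KEY_BITS):
        s[i] = 1 << i
    for i in range(IV_BITS):
        s[93 + i] = 1 << (KEY_BITS + i)
    return s                            # s286..s288 are constants: mask 0

def z_mask(s):
    """Mask of the keystream bit computed from state s (before clocking)."""
    return s[65] | s[92] | s[161] | s[176] | s[242] | s[287]

def clock(s):
    """One Trivium clock on masks; each register is shifted by one cell."""
    t1 = s[65] | s[92] | s[90] | s[91] | s[170]      # s66+s93+s91*s92+s171
    t2 = s[161] | s[176] | s[174] | s[175] | s[263]  # s162+s177+s175*s176+s264
    t3 = s[242] | s[287] | s[285] | s[286] | s[68]   # s243+s288+s286*s287+s69
    return [t3] + s[0:92] + [t1] + s[93:176] + [t2] + s[177:287]

def z_mask_at(rounds):
    """Mask of the first keystream bit if initialization ran `rounds` clocks."""
    s = initial_masks()
    for _ in range(rounds):
        s = clock(s)
    return z_mask(s)

def last_incomplete_round(max_rounds=INIT_ROUNDS):
    """Largest r <= max_rounds whose keystream bit misses some key/IV bit."""
    s, last = initial_masks(), None
    for r in range(max_rounds + 1):
        if z_mask(s) != ALL_INPUT:
            last = r
        s = clock(s)
    return last

if __name__ == "__main__":
    print("last round without full key/IV dependency:", last_incomplete_round())
```

Because cells shift past the taps, the dependency set of the keystream bit is not monotone in the round count (key bit 80 is visible at round 13 but absent again at round 68), which is why the script reports the last incomplete round rather than the first complete one.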
Keywords: Stream cipher, Initialization, Mixing property, ZUC-128, ZUC-256, Trivium
The authors would like to thank the anonymous reviewers for their valuable comments and suggestions. This work was supported by the National Natural Science Foundation of China under Grants 61602514, 61802437, 61272488, 61202491, 61572516, 61272041 and 61772547, the National Cryptography Development Fund under Grant MMJJ20170125, and the National Postdoctoral Program for Innovative Talents under Grant BX201700153.