
QUAD: A Practical Stream Cipher with Provable Security

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4004)

Abstract

We introduce a practical stream cipher with provable security named QUAD. The cipher relies on the iteration of a multivariate quadratic system of m equations in n < m unknowns over a finite field. The security of the keystream generation of QUAD is provably reducible to the conjectured intractability of the MQ problem, namely solving a multivariate system of quadratic equations. Our recommended version of QUAD uses an 80-bit key, an 80-bit IV and an internal state of n = 160 bits. It outputs 160 keystream bits (m = 320) at each iteration until 2^40 bits of keystream have been produced.
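The keystream iteration described above, as an added example that is not code from the paper: the state is an n-bit vector over GF(2) held in a Python int, the m quadratic polynomials are constructed from a seeded RNG for illustration, the first n output bits become the next state and the remaining m - n bits are emitted. The key/IV setup is not on this page, so the initial state is simply taken as an input, and the polynomial encoding (quad_rows, lin, const) is an assumption of this example.

```python
import random

def parity(v):
    """Parity of the set bits of an int, i.e. the sum of the bits over GF(2)."""
    return bin(v).count("1") & 1

def random_quadratic_system(n, m, rng):
    """Constructed example: m random quadratic polynomials in n variables over GF(2).
    Polynomial = (quad_rows, lin, const): quad_rows[i] is a bitmask of the j > i
    with a coefficient on x_i*x_j; lin is the bitmask of linear terms (over GF(2)
    x_i*x_i == x_i, so squares fold into lin); const is the constant term."""
    system = []
    for _ in range(m):
        quad_rows = [rng.getrandbits(n) & ~((1 << (i + 1)) - 1) for i in range(n)]
        system.append((quad_rows, rng.getrandbits(n), rng.getrandbits(1)))
    return system

def eval_poly(poly, x):
    """Evaluate one quadratic polynomial at the state x (int bitmask of n bits)."""
    quad_rows, lin, const = poly
    acc = const ^ parity(lin & x)
    for i in range(len(quad_rows)):
        if (x >> i) & 1:                      # x_i set: add sum_j c_ij * x_j
            acc ^= parity(quad_rows[i] & x)
    return acc

def eval_system(system, x):
    """S(x) = (Q_1(x), ..., Q_m(x)) packed as an int; bit k holds Q_{k+1}(x)."""
    y = 0
    for k, poly in enumerate(system):
        y |= eval_poly(poly, x) << k
    return y

def quad_keystream(system, n, state, nbits):
    """QUAD iteration as the abstract describes it: apply the system to the n-bit
    state, keep the first n output bits as the next state and emit the other
    m - n bits as keystream. Returns a list of nbits keystream bits."""
    m = len(system)
    assert m > n, "QUAD needs more equations than unknowns (n < m)"
    bits = []
    while len(bits) < nbits:
        y = eval_system(system, state)
        state = y & ((1 << n) - 1)            # first n bits: next internal state
        ks = y >> n                           # remaining m - n bits: keystream
        bits.extend((ks >> k) & 1 for k in range(m - n))
    return bits[:nbits]

if __name__ == "__main__":
    # Recommended sizes from the abstract: n = 160, m = 320, 160 keystream bits per step.
    rng = random.Random(2006)                 # seeded only so the demo is reproducible
    system = random_quadratic_system(160, 320, rng)
    ks = quad_keystream(system, 160, rng.getrandbits(160), 320)
    print("".join(map(str, ks)))
```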

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  1. France Telecom Research and Development, Issy-les-Moulineaux, France
  2. Université de Versailles, Versailles, France
