Abstract
Ding et al. [DNRS97] propose a stream generator based on several layers. We present several attacks. First, we observe that the non-surjectivity of a linear combination step allows us to recover half the key with minimal effort. Next, we show that the various bytes are insufficiently mixed by these layers, enabling an attack similar to those on two-loop Vigenere ciphers to recover the remainder of the key. Combining these techniques lets us recover the entire TWOPRIME key. We require the generator to produce $2^{33}$ blocks ($2^{35}$ bytes), or 19 hours worth of output, of which we examine about one million blocks ($2^{23}$ bytes); the computational workload can be estimated at $2^{28}$ operations. Another set of attacks trades off texts for time, reducing the amount of known plaintext needed to just eight blocks (64 bytes), while needing $2^{32}$ time and $2^{32}$ space. We also show how to break two variants of TWOPRIME presented in the original paper.
References
C. Ding, V. Niemi, A. Renvall, and A. Salomaa, “TWOPRIME: A Fast Stream Ciphering Algorithm,” Fast Software Encryption, FSE’97, Springer LNCS volume 1267, pages 88–102, 1997.
B.S. Kaliski, “The MD2 Message Digest Algorithm,” RFC 1319, April 1992.
R.C. Merkle, “A Fast Software One-Way Hash Function,” Journal of Cryptology, vol 3 no 1, 1990.
P.C. van Oorschot and M.J. Wiener, “Improving implementable meet-in-the-middle attacks by orders of magnitude,” CRYPTO’96, pages 228–236, Springer-Verlag, 1996.
B. Preneel, “Design principles for dedicated hash functions,” Fast Software Encryption, FSE’93, Springer LNCS volume 809, pages 71–82, 1994.
A. Sinkov, Elementary Cryptanalysis, A Mathematical Approach. New York: Random House, 1968.
B. Tuckerman, “A study of the Vigenere-Vernam single and multiple loop enciphering systems,” IBM Research Report RC2879, 14 May 1970, Yorktown Heights NY.
R. Winternitz, “Producing One-Way Hash Functions from DES,” Advances in Cryptology: Proceedings of Crypto 83, Plenum Press, 1984, pp. 203–207.
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Coppersmith, D., Wagner, D., Schneier, B., Kelsey, J. (1998). Cryptanalysis of TWOPRIME. In: Vaudenay, S. (eds) Fast Software Encryption. FSE 1998. Lecture Notes in Computer Science, vol 1372. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-69710-1_3
DOI: https://doi.org/10.1007/3-540-69710-1_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64265-7
Online ISBN: 978-3-540-69710-7
eBook Packages: Springer Book Archive