New Cryptanalysis of Irregularly Decimated Stream Ciphers

  • Bin Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5867)


In this paper we investigate the security of irregularly decimated stream ciphers. We present an improved correlation analysis of various irregular decimation mechanisms, which allows us to get much larger correlation probabilities than previously known methods. Then new correlation attacks are launched against the shrinking generator with Krawczyk’s parameters, LILI-∐, DECIM\(^{\textit{v2}}\) and DECIM-128 to access the security margin of these ciphers. We show that the shrinking generator with Krawczyk’s parameters is practically insecure; the initial internal state of LILI-∐ can be recovered reliably in 272.5 operations, if 224.1-bit keystream and 274.1-bit memory are available. This disproves the designers’ conjecture that the complexity of any divide-and-conquer attack on LILI-∐ is in excess of 2128 operations and requires a large amount of keystream. We also examine the main design idea behind DECIM, i.e., to filter and then decimate the output using the ABSG algorithm, by showing a class of correlations in the ABSG mechanism and mounting attacks faster than exhaustive search on a 160-bit (out of 192-bit) reduced version of DECIM\(^{\textit{v2}}\) and on a 256-bit (out of 288-bit) reduced version of DECIM-128. Our result on DECIM is the first nontrivial cryptanalytic result besides the time/memory/data tradeoffs. While our result confirms the underlying design idea, it shows an interesting fact that the security of DECIM rely more on the length of the involved LFSR than on the ABSG algorithm.


  1. 1.
    Babbage, S., De Cannière, C., Canteaut A., et al.: The eSTREAM portfolio,
  2. 2.
    Berbain, C., Billet, O., Canteaut, A., Courtois, N., et al.: DECIMv2. In: Robshaw, M.J.B., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 140–151. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  3. 3.
    Berbain, C., Gouget, A., Sibert, H.: Understanding Phase Shifting Equivalent Keys and Exhaustive Search,
  4. 4.
    Canteaut, A., Trabbia, M.: Improved Fast Correlation Attacks Using Parity-Check Equations of Weight 4 and 5. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 573–588. Springer, Heidelberg (2000)Google Scholar
  5. 5.
    Chose, P., Joux, A., Mitton, M.: Fast Correlation Attacks: An Algorithmic Point of View. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 209–221. Springer, Heidelberg (2002)Google Scholar
  6. 6.
    Dawson, E., Clark, A., Golić, J., Fuller, J., et al.: The LILI-128 Keystream Generator. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 248–261. Springer, Heidelberg (2001)Google Scholar
  7. 7.
    Clark, A., Dawson, E., Fuller, J., Golić, J., et al.: The LILI-∐ Keystream Generator. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 25–39. Springer, Heidelberg (2002)Google Scholar
  8. 8.
    Coppersmith, D., Krawczyk, H., Mansour, Y.: The Shrinking Generator. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 22–39. Springer, Heidelberg (1994)Google Scholar
  9. 9.
    Courtois, N.T., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003)Google Scholar
  10. 10.
    Courtois, N.T.: Fast Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003)Google Scholar
  11. 11.
    Englund, H., Johansson, T.: A New Distinguisher for Clock Controlled Stream Ciphers. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 181–195. Springer, Heidelberg (2005)Google Scholar
  12. 12.
    Ekdahl, P., Johansson, T.: Predicting the Shrinking Generator with Fixed Connections. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 330–344. Springer, Heidelberg (2003)Google Scholar
  13. 13.
    Golić, J.D., Mihaljević, M.j.: A Generalized Correlation Attack on a Class of Stream Ciphers Based on the Levenshtein Distance. Journal of Cryptology 3(3), 201–212 (1991)Google Scholar
  14. 14.
    Golić, J.D.: Embedding and Probabilistic Correlation Attacks on Clocked-Controlled Shift Registers. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 230–243. Springer, Heidelberg (1995)Google Scholar
  15. 15.
    Golić, J.D.: Towards Fast Correlation Attacks on Irregularly Clocked Shift Registers. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 248–262. Springer, Heidelberg (1995)Google Scholar
  16. 16.
    Golić, J.D.: Correlation Analysis of the Shrinking Generator. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 440–457. Springer, Heidelberg (2001)Google Scholar
  17. 17.
    Gouget, A., Sibert, H., Berbain, C., Courtois, N.T., Debraize, B., Mitchell, C.: Analysis of the Bit-Search Generator and Sequence Compression Techniques. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 196–214. Springer, Heidelberg (2005)Google Scholar
  18. 18.
    Gouget, A., Sibert, H.: How to Strengthen Pseudo-Random Generators by Using Compression. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 129–146. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    Krawczyk, H.: The Shrinking Generator: Some Practical Considerations. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 809, pp. 45–46. Springer, Heidelberg (1994)Google Scholar
  20. 20.
    Johansson, T., Jönsson, F.: Fast Correlation Attacks through Reconstruction of Linear Polynomials. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 300–315. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  21. 21.
    Krause, M.: BDD-Based Cryptanalysis of Keystream Generators. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 222–237. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  22. 22.
    Pasalic, E.: Key Differentiation Attacks on Stream Ciphers,
  23. 23.
    Meier, W., Staffelbach, O.: Fast Correlation Attacks on Certain Stream Ciphers. Journal of Cryptology, 159–176 (1989)Google Scholar
  24. 24.
    Molland, H., Helleseth, T.: An Improved Correlation Attack Against Irregular Clocked and Filtered Keystream Generators. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 373–389. Springer, Heidelberg (2004)Google Scholar
  25. 25.
    Nakagami, H., Teramura, R., Ohigashi, T., Kuwakado, H.: A Chosen IV Attack Using Phase Shifting Equivalent Keys Against Decimv2,
  26. 26.
    Zhang, B., Wu, H., Feng, D., Bao, F.: A Fast Correlation Attack on the Shrinking Generator. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 72–86. Springer, Heidelberg (2005)Google Scholar
  27. 27.
    Zhang, B., Feng, D.: An Improved Fast Correlation Attack on Stream Ciphers. In: Avanzi, R., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 214–227. Springer, Heidelberg (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Bin Zhang
    • 1
  1. 1.Laboratory of Algorithmics, Cryptology and SecurityUniversity of LuxembourgLuxembourg

Personalised recommendations