On the Sosemanuk Related Key-IV Sets
Sosemanuk is a software-based stream cipher that has passed all three stages of the ECRYPT stream cipher project and is currently a member of the eSTREAM software portfolio. In the recent works on cryptanalysis of Sosemanuk, its relatively small inner state size of 384 bits was identified to be one of the reasons that the attacks were possible. In this paper, we show that another consequence of the small inner state size of Sosemanuk is the existence of several classes of (K,IV), (K′,IV′) pairs that yield correlated keystreams. In particular, we provide a distinguisher which requires less than 2 kilobytes of data and an inner state recovery algorithm that works for two sets of key-IV pairs of expected size ≈ 2128 each. In addition, a distinguisher requiring 252 keystream words is provided for another set of pairs of Sosemanuk instances. The expected number of such key-IV pairs is 2192. Although the security of Sosemanuk is not practically threatened, the found features add to understanding of the security of the cipher and also provide the basis for an elegant attack in the fault analysis model.
KeywordsState Size Stream Cipher State Recovery Linear Feedback Shift Register Linear Cryptanalysis
Unable to display preview. Download preview PDF.
- 1.Ahamadi, H., Eghidos, T., Khazaei, S.: Improved Guess and Determine Attack on Sosemanuk, Tehran (2006), http://www.ecrypt.eu.org/stream/sosemanukp3.html
- 4.Barenghi, A., Bertoni, G., Breveglieri, L., Pellicioli, M., Pelosi, G.: Low Voltage Fault Attacks to AES and RSA on General Purpose Processors, ePrint IACR Report, 130/2010Google Scholar
- 5.Berbain, C., Billet, O., Canteaut, A., Courtois, N., Gilbert, H., Goubin, L., Gouget, A., Granboulan, L., Lauradoux, C., Minier, M., Pornin, T., Sibert, H.: Sosemanuk, a Fast Software-Oriented Stream Cipher. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 98–118. Springer, Heidelberg (2008)CrossRefGoogle Scholar
- 11.eSTREAM, the ECRYPT Stream Cipher Project, http://www.ecrypt.eu.org/stream/
- 13.Grinstead, C.M., Snell, L.J.: Introduction to Probability. American Mathematical Society, 2nd edn. (1998)Google Scholar
- 18.Quisquater, J.-J., Delescaille, J.-P.: How Easy Is Collision Search? Application to DES. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 429–434. Springer, Heidelberg (1990)Google Scholar
- 20.Schmidt, J.-M., Herbst, C.: A Practical Fault Attack on Square and Multiply. In: Fault Diagnosis and Tolerance in Cryptography, 3rd International Workshop, FDTC 2008. IEEE-CS Press (2008)Google Scholar
- 21.Tsunoo, Y., Saito, T., Shigeri, M., Suzaki, T., Ahmadi, H., Eghlidos, T., Khazaei, S.: Evaluation of Sosemanuk With Regard to Guess-and-Determine attacks (2006), http://www.ecrypt.eu.org/stream/soemanukp3.html