FASER128: Cryptanalysis and Its Countermeasure

  • M. K. DubeyEmail author
  • Navneet Gaba
  • S. S. Bedi
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 655)


Many symmetric key encryption schemes have been designed to ensure the confidentiality of data only. Data integrity plays an important role of security in various encryption scheme. Assuming this fact, many researchers have focused their research to design Authenticated Encryption (AE) schemes that provide both confidentiality and authenticity. FASER is one of them which was submitted in CAESAR competition and withdrawn in later due to an attack reported in the paper [6]. It has two parent ciphers namely FASER128 and FASER256. Cryptanalysis of FASER128 was studied by the authors in [6, 7] and mentioned some serious flaws in the design of the crypto algorithm. Due to these flaws, both the parent ciphers of the FASER have been withdrawn. In this paper, we study the cryptanalysis of FASER128 by key recovery attack and discuss some weaknesses. We have also suggested some modifications of cryptoalgorithm to avoid the key recovery attack.


Stream cipher Key recovery attack Authenticated encryption 



The authors greatly indebted to Ms. Neelam Verma, Scientist G and Ms. Anu Khosla, Director, SAG, DRDO for their full cooperation and financial supports. The third author wishes to express his thanks to DRDO headquarter for DRDO fellowship.


  1. 1.
    CAESAR: Competition for authenticated encryption: Security applicability and robustness.
  2. 2.
    Argen, M., Londhahl, C., Hell, M., Johansson, T.: A survey on fast correlation attack. Crypt. Commun. 4(3), 173–202 (2012)MathSciNetGoogle Scholar
  3. 3.
    Bellare, M., Kohno, T., Namprempre, C.: Authentication encryption in SSH: provably fixing the SSH binary packet protocol. In: ACM Conference on Computer and Communications Security (CCS-9), pp. 1–31. ACM Press (2002)Google Scholar
  4. 4.
    Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000). doi: 10.1007/3-540-44448-3_41 CrossRefGoogle Scholar
  5. 5.
    Chaza, F., MacDonald, C., Avanzi, R.: FASER v1: Authenticated encryption in a feedback shift register, CAESER (2014)Google Scholar
  6. 6.
    Xu, C., Zhang, B., Feng, D.: Linear cryptanalysis of FASER128/256 and TriviA-ck. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 237–254. Springer, Cham (2014). doi: 10.1007/978-3-319-13039-2_14 Google Scholar
  7. 7.
    Feng, X., Zhang, F.: A real time key recovery attack on the authenticated FASER128. Cryptology ePrint Arxhive, Report 2014/258 (2014).

Copyright information

© Springer Nature Singapore Pte Ltd. 2017

Authors and Affiliations

  1. 1.SAGDRDODelhiIndia

Personalised recommendations