
Algebraic Attacks on Combiners with Memory and Several Outputs

  • Conference paper
Information Security and Cryptology – ICISC 2004 (ICISC 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3506)


Abstract

Algebraic attacks on stream ciphers [14] recover the key by solving an overdefined system of multivariate equations. Such attacks can break many LFSR-based stream ciphers when the output is obtained by a Boolean function, see [14,15,16]. Recently this approach has also been successfully extended to combiners with memory, provided the number of memory bits is small, see [1,16,2]. In [2] it is shown that, for ciphers built with LFSRs and an arbitrary combiner using a subset of k LFSR state bits, and with l inner state/memory bits, a polynomial attack always exists when k and l are fixed. Yet this attack very quickly becomes impractical: already when k and l exceed about 4.

In this paper we give a simpler proof of this result from [2] and prove a more general theorem. We show that much faster algebraic attacks exist for any cipher that (in order to be fast) outputs several bits at a time. In practice our result substantially reduces the complexity of the best known attack on four well-known constructions of stream ciphers when the number of outputs is increased. We present interesting attacks on modified versions of the Snow, E0, LILI-128 and Turing ciphers.
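As an added illustration (not code from the paper or its author), the following Python script walks through the basic algebraic attack the abstract builds on, in the memoryless filter-generator setting of [14,15]: a small LFSR whose output bit is a quadratic Boolean function of the state, linearized so that every monomial of degree at most 2 in the initial state becomes its own unknown (55 of them for a 10-bit register), and solved by Gaussian elimination over GF(2). It then runs the same attack with a second output bit per clock, which is the situation the paper studies: each clock now contributes two equations instead of one, so the system reaches full rank after fewer clocks of keystream. The register length, the feedback polynomial, the two output functions F1 and F2 and the secret initial state are all constructed for this example; memory bits are not modelled. A real cipher has far more state bits and a higher-degree combiner, which is exactly what pushes the monomial count, and the cost, up.

```python
"""Toy algebraic attack by linearization on an LFSR filter generator over GF(2).
Constructed illustration, not the paper's code: a 10-bit LFSR in Fibonacci form
with one or two quadratic output bits per clock and no memory bits."""
from itertools import combinations

N = 10                  # LFSR length (toy; real ciphers use hundreds of bits)
TAPS = (0, 3)           # feedback x^10 + x^3 + 1: new bit = s[0] ^ s[3]
F1 = [(2, 7), (5,)]     # output z1 = s2*s7 + s5   (a term is a tuple of state indices)
F2 = [(1, 8), (4,)]     # output z2 = s1*s8 + s4   (second output bit per clock)

# Linearization: every monomial of degree <= 2 in the initial state x0..x9 is
# treated as an independent unknown: 10 + C(10,2) = 55 columns.
MONOMIALS = [(i,) for i in range(N)] + list(combinations(range(N), 2))
COL = {m: j for j, m in enumerate(MONOMIALS)}
M = len(MONOMIALS)

def step(vec):
    """One LFSR clock; works on concrete bits and on symbolic linear forms alike."""
    new = 0
    for t in TAPS:
        new ^= vec[t]
    return vec[1:] + [new]

def set_bits(mask):
    return [i for i in range(mask.bit_length()) if mask >> i & 1]

def eval_func(s, f):
    """Evaluate an output function on a concrete state (list of 0/1 ints)."""
    return sum(all(s[i] for i in term) for term in f) % 2

def linearize(forms, f):
    """Expand f(state) when each state bit is a linear form (bitmask over x0..x9).
    Returns a bitmask over the 55 monomial columns; x_i*x_i is reduced to x_i."""
    row = 0
    for term in f:
        if len(term) == 1:
            for i in set_bits(forms[term[0]]):
                row ^= 1 << COL[(i,)]
        else:
            a, b = term
            for i in set_bits(forms[a]):
                for j in set_bits(forms[b]):
                    row ^= 1 << COL[(i,) if i == j else (min(i, j), max(i, j))]
    return row

def keystream(state, nclocks, funcs):
    """Run the generator; each clock yields one bit per output function."""
    s, out = list(state), []
    for _ in range(nclocks):
        out.append(tuple(eval_func(s, f) for f in funcs))
        s = step(s)
    return out

class GF2System:
    """Incremental Gaussian elimination over GF(2); a row is coefficients << 1 | rhs."""
    def __init__(self):
        self.basis = {}                     # pivot bit -> reduced row

    def add(self, coef, rhs):
        row = (coef << 1) | rhs
        while row > 1:                      # reduce against earlier pivots
            p = row.bit_length() - 1
            if p not in self.basis:
                self.basis[p] = row         # new pivot: the equation was independent
                return
            row ^= self.basis[p]
        if row == 1:
            raise ValueError("inconsistent system: 0 = 1")

    def solve(self):
        """Back-substitution; valid once len(basis) == M (every column is a pivot)."""
        val = {}
        for p in sorted(self.basis):        # lower pivots first; a row only uses bits below its pivot
            row = self.basis[p]
            rhs = row & 1
            for q in set_bits(row & ~1):
                if q != p:
                    rhs ^= val[q]
            val[p] = rhs
        return [val[j + 1] for j in range(M)]

def attack(ks, funcs):
    """Consume keystream until the linearized system has full rank; return (state, clocks) or None."""
    system, forms = GF2System(), [1 << i for i in range(N)]   # state bit i = unknown x_i at time 0
    for t, bits in enumerate(ks):
        for f, z in zip(funcs, bits):
            system.add(linearize(forms, f), z)
        if len(system.basis) == M:
            sol = system.solve()
            return [sol[COL[(i,)]] for i in range(N)], t + 1
        forms = step(forms)
    return None

SECRET = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1]     # constructed initial state (the "key")

def demo(funcs, secret=SECRET, nclocks=80):
    """Generate keystream from the secret, then recover it from the keystream alone."""
    return attack(keystream(secret, nclocks, funcs), funcs)
```

Calling `demo([F1])` recovers the secret after exactly 55 clocks, one keystream bit per unknown monomial; `demo([F1, F2])` recovers it after fewer clocks (never fewer than 28, since 56 equations are the minimum that can pin down 55 unknowns), which is the effect the abstract describes for ciphers that output several bits at a time. The design lesson for a defender is the one the paper draws: the number of monomials, not the register length alone, sets the cost of the attack, so a low-degree combiner or extra output bits per clock shrink the margin.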

Note: An extended version is available at eprint.iacr.org/2003/125/.

Work supported by the French Ministry of Research RNRT Project “X-CRYPT”.


References

  1. Armknecht, F.: A Linearization Attack on the Bluetooth Key Stream Generator, December 13 (2002). Available at http://eprint.iacr.org/2002/191/

  2. Armknecht, F., Krause, M.: Algebraic Attacks on Combiners with Memory. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 162–176. Springer, Heidelberg (2003)

  3. Armknecht, F.: Improving fast algebraic attacks. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 65–82. Springer, Heidelberg (2004)

  4. Anderson, R.: Searching for the Optimum Correlation Attack. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 137–143. Springer, Heidelberg (1995)

  5. Barkan, E., Biham, E., Keller, N.: Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 600–616. Springer, Heidelberg (2003)

  6. Bluetooth SIG: Specification of the Bluetooth system, Version 1.1, February 22 (2001). Available from www.bluetooth.com

  7. De Cannière, C.: Guess and Determine Attack on SNOW. NESSIE public report, 12/11/2001, NES/DOC/KUL/WP5/011/a. Available from http://www.cryptonessie.org

  8. Carlet, C., Prouff, E.: On a new notion of nonlinearity relevant to multi-output pseudo-random generators. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 291–305. Springer, Heidelberg (2004)

  9. Meier, W., Pasalic, E., Carlet, C.: Algebraic Attacks and Decomposition of Boolean Functions. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 474–491. Springer, Heidelberg (2004)

  10. Coppersmith, D., Halevi, S., Jutla, C.S.: Cryptanalysis of stream ciphers with linear masking. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 515. Springer, Heidelberg (2002). Available at http://eprint.iacr.org/2002/020/

  11. Camion, P., Carlet, C., Charpin, P., Sendrier, N.: On correlation-immune functions. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 86–100. Springer, Heidelberg (1992)

  12. Coppersmith, D., Winograd, S.: Matrix multiplication via arithmetic progressions. J. Symbolic Computation 9, 251–280 (1990)

  13. Courtois, N.: The security of hidden field equations (HFE). In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 266–281. Springer, Heidelberg (2001)

  14. Courtois, N.: Higher Order Correlation Attacks, XL algorithm and Cryptanalysis of Toyocrypt. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 182–199. Springer, Heidelberg (2003)

  15. Courtois, N., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003). An extended version is available at http://www.minrank.org/toyolili.pdf

  16. Courtois, N.: Fast Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 177–194. Springer, Heidelberg (2003)

  17. Courtois, N.: The inverse S-box, non-linear polynomial relations and cryptanalysis of block ciphers. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 170–188. Springer, Heidelberg (2005)

  18. Courtois, N.: General Principles of Algebraic Attacks and New Design Criteria for Components of Symmetric Ciphers. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 67–83. Springer, Heidelberg (2005)

  19. Courtois, N., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)

  20. Ekdahl, P., Johansson, T.: SNOW - a new stream cipher. In: Proceedings of the First NESSIE Workshop, Heverlee, Belgium (2000)

  21. Ekdahl, P., Johansson, T.: A new version of the stream cipher SNOW. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 47–61. Springer, Heidelberg (2003). Available from http://www.it.lth.se/cryptology/snow/

  22. Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: Workshop on Applications of Commutative Algebra, Catania, Italy. ACM Press, New York (2002)

  23. Golic, J.D.: On the Security of Nonlinear Filter Generators. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 173–188. Springer, Heidelberg (1996)

  24. Golic, J.D.: Correlation Properties of a General Binary Combiner with Memory. Journal of Cryptology 9(2), 111–126 (1996)

  25. Golic, J.D., Bagini, V., Morgari, G.: Linear Cryptanalysis of Bluetooth Stream Cipher. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 238–255. Springer, Heidelberg (2002)

  26. Jakobsen, T.: Cryptanalysis of Block Ciphers with Probabilistic Non-Linear Relations of Low Degree. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 212–222. Springer, Heidelberg (1998)

  27. Hawkes, P., Rose, G.: Guess-and-determine attacks on SNOW. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 37–46. Springer, Heidelberg (2003)

  28. Hawkes, P., Rose, G.: Rewriting Variables: the Complexity of Fast Algebraic Attacks on Stream Ciphers. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 390–406. Springer, Heidelberg (2004). Available from eprint.iacr.org/2004/081/

  29. Meier, W., Staffelbach, O.: Fast correlation attacks on certain stream ciphers. Journal of Cryptology 1(3), 159–176 (1989)

  30. Meier, W., Staffelbach, O.: Correlation Properties of Combiners with Memory in Stream Ciphers. Journal of Cryptology 5(1), 67–86 (1992)

  31. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography, ch. 6. CRC Press, Boca Raton

  32. NESSIE Security Report v2.0, or NESSIE deliverable D20. Available from http://www.cryptonessie.org

  33. Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt 1988. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)

  34. Rose, G.G., Hawkes, P.: Turing: A fast stream cipher. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 290–306. Springer, Heidelberg (2003)

  35. Shamir, A., Patarin, J., Courtois, N., Klimov, A.: Efficient Algorithms for solving Overdefined Systems of Multivariate Polynomial Equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)

  36. Simpson, L., Dawson, E., Golic, J., Millan, W.: LILI Keystream Generator. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 248–261. Springer, Heidelberg (2001)

  37. Strassen, V.: Gaussian Elimination is Not Optimal. Numerische Mathematik 13, 354–356 (1969)

  38. Zhang, M., Chan, A.: Maximum Correlation Analysis of Nonlinear S-boxes in Stream Ciphers. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 501–514. Springer, Heidelberg (2000)


Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Courtois, N.T. (2005). Algebraic Attacks on Combiners with Memory and Several Outputs. In: Park, Cs., Chee, S. (eds) Information Security and Cryptology – ICISC 2004. ICISC 2004. Lecture Notes in Computer Science, vol 3506. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11496618_3


  • DOI: https://doi.org/10.1007/11496618_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-26226-8

  • Online ISBN: 978-3-540-32083-8

  • eBook Packages: Computer Science (R0)
