Abstract
SSC2 is a stream cipher that operates by XORing the output of two “half-ciphers”. The first half-cipher is constructed from a linear feedback shift register (LFSR) with a non-linear filter. The second half-cipher is constructed from a lagged Fibonacci generator (LFG) and a multiplexor that chooses values from the Fibonacci register. The second half-cipher has a small cycle length π ≈ 2^52. The initial state of the LFSR is derived by performing a fast correlation attack on the sequence resulting when XORing the key-stream at an interval of π words (thus cancelling the effect of the LFG). This attack requires around 2^25 words of this sequence and a few hours of computation. The initial state of the LFG is then derived from around 15300 outputs using around one second of computation.
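The differencing step the abstract relies on (XOR the key-stream with itself at a lag equal to the LFG's period, so that the LFG contribution cancels and only the filtered-LFSR half remains) is shown below on a toy model. This is an added illustration, not code from the paper or from SSC2: the 16-bit LFSR, its filter function, the 3-word LFG over 4-bit words with lags 3 and 1, and the multiplexor rule are all constructed here and have no relation to SSC2's real parameters. The point it demonstrates is general: any key-stream built as a ⊕ b, where b has a small period P, collapses to a_t ⊕ a_{t+P} after differencing, regardless of b's seed.

```python
"""Toy two-half-cipher key-stream, constructed for illustration only (not SSC2).

Half-cipher A: a 16-bit LFSR with a small non-linear filter, four filter bits
forming one 4-bit output word.
Half-cipher B: an additive lagged Fibonacci generator (LFG) over 4-bit words,
r_t = r_{t-3} + r_{t-1} mod 16, with a multiplexor that lets the newest word
choose which register word is output.
Key-stream word z_t = a_t XOR b_t.
"""

LFSR_BITS = 16
LFSR_TAPS = (16, 14, 13, 11)   # constructed feedback taps (toy choice)
WORD_MASK = 0xF                # 4-bit words
MAX_PERIOD = 1 << 16           # search bound for the LFG period


def lfsr_clock(state):
    """One Fibonacci-style clock: XOR the tapped bits, shift right, insert at the top."""
    fb = 0
    for tap in LFSR_TAPS:
        fb ^= (state >> (tap - 1)) & 1
    return (state >> 1) | (fb << (LFSR_BITS - 1))


def nonlinear_filter(state):
    """Constructed non-linear filter over a few state bits (toy; not SSC2's filter)."""
    b = [(state >> i) & 1 for i in range(LFSR_BITS)]
    return b[0] ^ b[7] ^ (b[2] & b[9]) ^ (b[4] & b[12] & b[14])


def lfsr_half(seed, n):
    """Half-cipher A: n output words, each built from four successive filter bits."""
    state = seed
    words = []
    for _ in range(n):
        w = 0
        for _ in range(4):
            w = (w << 1) | nonlinear_filter(state)
            state = lfsr_clock(state)
        words.append(w)
    return words


def lfg_clock(reg):
    """reg = (r_{t-3}, r_{t-2}, r_{t-1}); produce r_t = r_{t-3} + r_{t-1} mod 16.

    The recurrence is invertible (r_{t-3} = r_t - r_{t-1}), so the state
    sequence is purely periodic with no pre-period."""
    new = (reg[0] + reg[2]) & WORD_MASK
    return (reg[1], reg[2], new)


def lfg_half(seed, n):
    """Half-cipher B: the newest register word selects which word is output (toy multiplexor)."""
    reg = tuple(seed)
    words = []
    for _ in range(n):
        words.append(reg[reg[2] % 3])
        reg = lfg_clock(reg)
    return words


def lfg_period(seed):
    """Smallest P > 0 with state_P == state_0, found by brute force (small toy state)."""
    start = tuple(seed)
    reg = lfg_clock(start)
    for p in range(1, MAX_PERIOD + 1):
        if reg == start:
            return p
        reg = lfg_clock(reg)
    raise ValueError("LFG period exceeds search bound")


def keystream(lfsr_seed, lfg_seed, n):
    """z_t = a_t XOR b_t for t in 0..n-1."""
    return [x ^ y for x, y in zip(lfsr_half(lfsr_seed, n), lfg_half(lfg_seed, n))]


def difference(seq, gap):
    """d_t = seq_t XOR seq_{t+gap}: the 'XOR at an interval' sequence."""
    return [seq[t] ^ seq[t + gap] for t in range(len(seq) - gap)]


def lfg_cancels(lfsr_seed, lfg_seed):
    """True if differencing the key-stream at the LFG period leaves exactly
    a_t XOR a_{t+P}, i.e. a sequence that depends on the LFSR half alone."""
    P = lfg_period(lfg_seed)
    n = 4 * P                      # enough words for a non-empty differenced sequence
    z = keystream(lfsr_seed, lfg_seed, n)
    a = lfsr_half(lfsr_seed, n)
    return difference(z, P) == difference(a, P)


if __name__ == "__main__":
    P = lfg_period((1, 2, 3))
    print("toy LFG period:", P)
    print("LFG cancelled by differencing at P:", lfg_cancels(0xACE1, (1, 2, 3)))
```

What survives the differencing is a_t ⊕ a_{t+P}, a function of the filtered-LFSR half only; that residual sequence is what the fast correlation attack in the paper then works on to recover the LFSR state, and the toy stops short of that step. The design lesson is the one the abstract states: a component with a cycle length an attacker can afford to reach (here π ≈ 2^52 words) contributes nothing to the security of the XOR combination beyond that lag.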
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hawkes, P., Quick, F., Rose, G.G. (2001). A Practical Cryptanalysis of SSC2. In: Vaudenay, S., Youssef, A.M. (eds) Selected Areas in Cryptography. SAC 2001. Lecture Notes in Computer Science, vol 2259. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45537-X_2
DOI: https://doi.org/10.1007/3-540-45537-X_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43066-7
Online ISBN: 978-3-540-45537-0