Abstract
Many popular stream ciphers apply a filter/combiner to the state of one or several LFSRs. Algebraic attacks on such ciphers [10,11] are possible if there is a multivariate relation involving the key/state bits and the output bits. [1,2,10,11] show that such relations exist for several well-known constructions of stream ciphers that are immune to all previously known attacks. In particular, they make it possible to break two ciphers built from LFSRs and completely “well designed” Boolean functions: Toyocrypt and LILI-128, see [10,11]. Similar algebraic attacks also exist for the stateful combiner construction used in the Bluetooth keystream generator E0 [1]. More generally, in [2] it is proven that they can break, in polynomial time, any combiner with a fixed number of inputs and a fixed number of memory bits.
In this paper we present a method that substantially reduces the complexity of all these attacks. We show that when the known keystream bits are consecutive, an important part of the equations has a recursive structure, and this allows the usual sub-cubic Gaussian algorithms for eliminating the monomials to be partially replaced by a much faster, essentially linear, version of the Berlekamp-Massey algorithm. The new method gives the fastest attack proposed so far for Toyocrypt, LILI-128 and the keystream generator used in the E0 cipher. Moreover, we present two new fast general algebraic attacks for stream ciphers using Boolean functions, applicable when the degree and/or the number of inputs is not too big.
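The abstract's central observation is that a linear system with recursive (shift-register) structure can be solved by the Berlekamp-Massey algorithm instead of generic Gaussian elimination. The following is an added illustration, not code from the paper: a plain GF(2) Berlekamp-Massey synthesis routine, an LFSR generator used to check its output, and the standard linear-complexity measurement a cipher designer runs on a keystream. The connection polynomials (1 + x + x^4 and 1 + x + x^3), the initial states, and the bitwise-AND "combiner" are constructed for the example and are not the ciphers discussed in the abstract.

```python
# Berlekamp-Massey over GF(2) and a linear-complexity check.
# Added illustration; the polynomials, states and combiner below are constructed.


def berlekamp_massey(seq):
    """Return (L, c) for the shortest LFSR generating `seq`.

    c is the connection polynomial C(x) = 1 + c[1]x + ... + c[L]x^L, meaning
    s[n] = c[1]*s[n-1] ^ ... ^ c[L]*s[n-L] for every n >= L.
    Cost is O(len(seq)^2) bit operations, versus the cubic (or sub-cubic) cost
    of generic Gaussian elimination on the same recurrence-structured system.
    """
    n = len(seq)
    c = [0] * (n + 1)   # current connection polynomial
    b = [0] * (n + 1)   # polynomial saved at the last length change
    c[0] = b[0] = 1
    L = 0               # current LFSR length
    m = -1              # index at which the length last changed
    for i in range(n):
        # discrepancy: does the current LFSR predict s[i]?
        d = seq[i]
        for j in range(1, L + 1):
            d ^= c[j] & seq[i - j]
        if d:
            prev = c[:]
            shift = i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]      # C(x) += x^shift * B(x)
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, prev
    return L, c[:L + 1]


def lfsr(c, state, nbits):
    """Run the LFSR with connection polynomial c from `state` (length L) for nbits."""
    L = len(c) - 1
    s = list(state)
    while len(s) < nbits:
        bit = 0
        for j in range(1, L + 1):
            bit ^= c[j] & s[-j]
        s.append(bit)
    return s[:nbits]


def recover_lfsr(keystream):
    """Synthesise the minimal LFSR and verify it reproduces the whole keystream.

    Returns (L, c, ok): L is the linear complexity of the keystream.
    """
    L, c = berlekamp_massey(keystream)
    ok = lfsr(c, keystream[:L], len(keystream)) == keystream
    return L, c, ok


# Constructed register A: C(x) = 1 + x + x^4 (primitive), m-sequence of period 15.
C4 = [1, 1, 0, 0, 1]
SEQ4 = lfsr(C4, [0, 0, 0, 1], 15)

# Constructed register B: C(x) = 1 + x + x^3 (primitive), m-sequence of period 7.
C3 = [1, 1, 0, 1]

# Toy nonlinear combiner: bitwise AND of the two register outputs (constructed).
# With coprime register lengths 3 and 4 the product has linear complexity 3*4 = 12,
# which is why designers place a nonlinear filter/combiner on top of LFSRs and
# why an attack must first find a low-degree relation before linearising.
PRODUCT = [a & b for a, b in zip(lfsr(C4, [0, 0, 0, 1], 105),
                                 lfsr(C3, [0, 0, 1], 105))]

if __name__ == "__main__":
    print("register A:", recover_lfsr(SEQ4))           # L = 4, C(x) = 1 + x + x^4
    print("AND combiner:", recover_lfsr(PRODUCT)[0])   # L = 12
```

Given 2L consecutive bits, `berlekamp_massey` returns the unique shortest register; the `ok` flag in `recover_lfsr` confirms the synthesised recurrence regenerates the full stream, which is the check to run before trusting the reported linear complexity of a design.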
References
Armknecht, F.: A Linearization Attack on the Bluetooth Key Stream Generator, December 13 (2002), Available at http://eprint.iacr.org/2002/191/
Armknecht, F., Krause, M.: Algebraic Attacks on Combiners with Memory. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 162–175. Springer, Heidelberg (2003)
Anderson, R.: Searching for the Optimum Correlation Attack. In: FSE 1994. LNCS, vol. 1008, pp. 137–143. Springer, Heidelberg (1994)
Babbage, S.: Cryptanalysis of LILI-128, Nessie project internal report, January 22 (2001), https://www.cosic.esat.kuleuven.ac.be/nessie/reports/
Blahut, R.E.: Theory and Practice of Error Control Codes. Addison-Wesley, Reading (1983)
Bluetooth SIG: Specification of the Bluetooth system, Version 1.1, February 22 (2001), available from http://www.bluetooth.com
Brent, R.P., Gustavson, F.G., Yun, D.Y.Y.: Fast solution of Toeplitz systems of equations and computation of Padé approximants. J. Algorithms 1, 259–295 (1980)
Coppersmith, D., Winograd, S.: Matrix multiplication via arithmetic progressions. J. Symbolic Computation 9, 251–280 (1990)
Camion, P., Carlet, C., Charpin, P., Sendrier, N.: On Correlation-immune Functions. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 86–100. Springer, Heidelberg (1992)
Courtois, N.: Higher Order Correlation Attacks, XL algorithm and Cryptanalysis of Toyocrypt. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 182–199. Springer, Heidelberg (2003), An updated version (2002) is available at http://eprint.iacr.org/2002/087/
Courtois, N., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003), An extended version is available at http://www.minrank.org/toyolili.pdf
Courtois, N.: The security of Hidden Field Equations (HFE). In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 266–281. Springer, Heidelberg (2001)
Courtois, N., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002), a preprint with a different version of the attack is available at http://eprint.iacr.org/2002/044/
Dornstetter, J.-L.: On the Equivalence Between Berlekamp’s and Euclid’s Algorithms. IEEE Trans. on Information Theory IT-33(3), 428–431 (1987)
Filiol, E.: Decimation Attack of Stream Ciphers. In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 31–42. Springer, Heidelberg (2000), Available at http://eprint.iacr.org/2000/040
Golic, J.D.: On the Security of Nonlinear Filter Generators. In: FSE 1996. LNCS, vol. 1039, pp. 173–188. Springer, Heidelberg (1996)
Golic, J.D., Bagini, V., Morgari, G.: Linear Cryptanalysis of Bluetooth Stream Cipher. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 238–255. Springer, Heidelberg (2002)
Löhlein, B.: Attacks based on Conditional Correlations against the Nonlinear Filter Generator, Available at http://eprint.iacr.org/2003/020/
Massey, J.L.: Shift-register synthesis and BCH decoding. IEEE Trans. Information Theory IT-15, 122–127 (1969)
Meier, W., Staffelbach, O.: Fast correlation attacks on certain stream ciphers. Journal of Cryptology 1(3), 159–176 (1989)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. Ch. 6. CRC Press, Boca Raton
Mihaljevic, M., Imai, H.: Cryptanalysis of Toyocrypt-HS1 stream cipher. IEICE Transactions on Fundamentals E85-A, 66–73 (2002), Available at http://www.csl.sony.co.jp/ATL/papers/IEICEjan02.pdf
Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt 1988. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)
Rueppel, R.A.: Analysis and Design of Stream Ciphers. Springer, Heidelberg (1986)
Shamir, A., Patarin, J., Courtois, N., Klimov, A.: Efficient Algorithms for solving Overdefined Systems of Multivariate Polynomial Equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)
Simpson, L., Dawson, E., Golic, J., Millan, W.: LILI Keystream Generator. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 248–261. Springer, Heidelberg (2001), See www.isrc.qut.edu.au/lili/
Saarinen, M.-J.O.: A Time-Memory Tradeoff Attack Against LILI-128. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 231–236. Springer, Heidelberg (2002), available at http://eprint.iacr.org/2001/077/
© 2003 Springer-Verlag Berlin Heidelberg
Courtois, N.T. (2003). Fast Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Boneh, D. (eds) Advances in Cryptology - CRYPTO 2003. CRYPTO 2003. Lecture Notes in Computer Science, vol 2729. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-45146-4_11
DOI: https://doi.org/10.1007/978-3-540-45146-4_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40674-7
Online ISBN: 978-3-540-45146-4