Conference Paper

State convergence and the effectiveness of time-memory-data tradeoffs.

DOI: 10.1109/ISIAS.2011.6122801 Conference: 7th International Conference on Information Assurance and Security, IAS 2011, Melacca, Malaysia, December 5-8, 2011
Source: DBLP

ABSTRACT: Various time-memory tradeoff attacks for stream ciphers have been proposed over the years. However, the claimed success of these attacks assumes the initialisation process of the stream cipher is one-to-one. Some stream cipher proposals do not have a one-to-one initialisation process. In this paper, we examine the impact of this on the success of time-memory-data tradeoff attacks. Under the circumstances, some attacks are more successful than previously claimed while others are less. The conditions for both cases are established.
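A toy illustration of the state-convergence issue the abstract refers to, added here and not taken from the paper: for a fixed IV, a one-to-one loading yields as many initial states as there are keys, whereas a loading that is not one-to-one merges keys into fewer states. The `init_convergent` function, the 12-bit sizes and the IV value are constructed for this illustration; the code measures how many distinct states exist and how many keys share the most crowded state, which is the key ambiguity left after a state is recovered.

```python
from collections import Counter

N_BITS = 12                      # toy key/state size so all 2^12 keys can be enumerated
MASK = (1 << N_BITS) - 1
IV = 0x3A5                       # constructed sample IV


def init_bijective(key, iv):
    """One-to-one loading: for a fixed IV, distinct keys give distinct states."""
    return (key ^ iv) & MASK


def init_convergent(key, iv, rounds=3):
    """Toy loading that is NOT one-to-one (constructed for this illustration).
    x -> (x + x>>1) mod 2^n wraps around, so two loaded values can land on
    the same state; real ciphers lose injectivity in less obvious ways."""
    s = (key ^ iv) & MASK
    for r in range(rounds):
        s = (s + (s >> 1) + r) & MASK
        s ^= s >> 3              # xorshift step, invertible on its own
    return s


def state_convergence(init, iv):
    """Enumerate every key under a fixed IV.
    Returns (number of distinct initial states, max keys sharing one state)."""
    counts = Counter(init(k, iv) for k in range(1 << N_BITS))
    return len(counts), max(counts.values())


def most_converged_state(init, iv):
    """Return the state reached from the most keys together with those keys:
    recovering that state alone does not tell the attacker which key was used."""
    counts = Counter(init(k, iv) for k in range(1 << N_BITS))
    state, _ = counts.most_common(1)[0]
    return state, [k for k in range(1 << N_BITS) if init(k, iv) == state]


if __name__ == "__main__":
    for name, init in (("one-to-one", init_bijective), ("convergent", init_convergent)):
        distinct, worst = state_convergence(init, IV)
        print(f"{name:10s}: {distinct} distinct states from {1 << N_BITS} keys, "
              f"up to {worst} keys per state")
    state, keys = most_converged_state(init_convergent, IV)
    print(f"state {state:#05x} is reached from keys {[hex(k) for k in keys]}")
```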

  • ABSTRACT: A probabilistic method is presented which cryptanalyzes any N key cryptosystem in N^{2/3} operations with N^{2/3} words of memory (average values) after a precomputation which requires N operations. If the precomputation can be performed in a reasonable time period (e.g., several years), the additional computation required to recover each key compares very favorably with the N operations required by an exhaustive search and the N words of memory required by table lookup. When applied to the Data Encryption Standard (DES) used in block mode, it indicates that solutions should cost between $1 and $100 each. The method works in a chosen plaintext attack and, if cipher block chaining is not used, can also be used in a ciphertext-only attack.
    IEEE Transactions on Information Theory, 08/1980.
  • ABSTRACT: Time-Memory Tradeoff (TMTO) attacks on stream ciphers are a serious security threat and the resistance to this class of attacks is an important criterion in the design of a modern stream cipher. TMTO attacks are especially effective against stream ciphers where a variant of the TMTO attack can make use of multiple data to reduce the off-line and the on-line time complexities of the attack (given a fixed amount of memory). In this paper we present a new approach to TMTO attacks against stream ciphers using a publicly known initial value (IV): We suggest not to treat the IV as part of the secret key material (as done in current attacks), but rather to choose in advance some IVs and apply a TMTO attack to streams produced using these IVs. We show that while the obtained tradeoff curve is identical to the curve obtained by the current approach, the new technique allows one to mount the TMTO attack in a larger variety of settings. For example, if both the secret key and the IV are of length n, it is possible to mount an attack with data, time, and memory complexities of 2^{4n/5}, while in the current approach, either the time complexity or the memory complexity is not less than 2^n. We conclude that if the IV length of a stream cipher is less than 1.5 times the key length, there exists an attack on the cipher with data, time, and memory complexities less than the complexity of exhaustive key search.
    Information Processing Letters, 08/2008; 107:133-137.
  • ABSTRACT: We propose a new keystream generator, intended for hardware implementation, called Mixer. The proposed generator is a combination of the filtering model and the control model. The design is simple and scalable, based on two binary feedback shift registers (FSRs) interconnected such that one FSR filtered by a nonlinear Boolean function controls the clocking and the output of the other FSR. Mixer takes a 128-bit secret key and a 64-bit public initialization vector IV as an input to produce a keystream. It has been designed to produce keystream sequences with guaranteed randomness properties such as large period, high linear complexity, good statistical properties, and resistance to well-known types of attacks. No attack faster than exhaustive key search has been found.
    Journal of Discrete Mathematical Sciences & Cryptography, 01/2008; 2(2).

Full-text (2 sources) available from May 19, 2014.