Cryptanalysis of a Particular Case of Klimov-Shamir Pseudo-Random Generator

T-functions have been introduced by Shamir and Klimov in [1]. Those functions can be used in order to design a new class of stream ciphers. We present in this paper an algorithm which can retrieve the internal state of a particular class of pseudo-random generators based on T-functions. This algorithm has time complexity of $O(2^{\frac{n}{4}})$ and has memory complexity of O(n log2n ) for pseudo random generators which put out the n/2 most significants bits of their internal state at each time clock, n being the length of the internal state of the pseudo-random generator.

[1]  Adi Shamir,et al.  A New Class of Invertible Mappings , 2002, CHES.

[2]  Adi Shamir,et al.  Cryptographic Applications of T-Functions , 2003, Selected Areas in Cryptography.