论文信息 - Key Recovery Attack on Stream Cipher Mir-1 Using a Key-Dependent S-Box

Key Recovery Attack on Stream Cipher Mir-1 Using a Key-Dependent S-Box

Mir-1 is a stream cipher proposed for Profile 1 at the ECRYPT Stream Cipher Project (eSTREAM). The Mir-1 designer claims a security level of at least 2128, meaning that the secret key cannot be recovered or that the Mir-1 output sequence cannot be distinguished from a truly random number sequence more efficiently than an exhaustive search. At SASC 2006, however, a distinguishing attack on Mir-1 was proposed making use of vulnerabilities in Mir-1 initialization. This paper shows that unknown entries in the key-dependent S-box used by Mir-1 can be classified into partially equivalent pairs by extending the SASC 2006 technique. It also demonstrates an attack that applies that information to recovering the Mir-1 secret key more efficiently than an exhaustive search. To the best of the authors' knowledge, the results described in this paper represent the first successful key recovery attack on Mir-1.

Yukiyasu Tsunoo | Teruo Saito | Hiroyasu Kubo | Tomoyasu Suzaki

[1] Philip Hawkes,et al. Turing: A Fast Stream Cipher , 2002, FSE.

[2] Hongjun Wu. A New Stream Cipher HC-256 , 2004, FSE.

[3] Shai Halevi,et al. Scream: A Software-Efficient Stream Cipher , 2002, FSE.

[4] Andrey Bogdanov,et al. ABC: A New Fast Flexible Stream Cipher , 2005 .

[5] Michael Wiener,et al. Advances in Cryptology — CRYPTO’ 99 , 1999 .

[6] Thomas W. Cusick,et al. The REDOC II Cryptosystem , 1990, CRYPTO.

[7] Ralph C. Merkle,et al. Fast Software Encryption Functions , 1990, CRYPTO.

[8] Gerhard Goos,et al. Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[9] Yukiyasu Tsunoo,et al. Cryptanalysis of Mir-1: A T-Function-Based Stream Cipher , 2007, IEEE Transactions on Information Theory.

[10] An-Ping Li. A new stream cipher: DICING , 2006, IACR Cryptol. ePrint Arch..

[11] Paul Crowley,et al. Mercy: A Fast Large Block Cipher for Disk Sector Encryption , 2000, FSE.

[12] Adi Shamir,et al. New Cryptographic Primitives Based on Multiword T-Functions , 2004, FSE.

[13] Bruce Schneier,et al. The Twofish encryption algorithm: a 128-bit block cipher , 1999 .

[14] Bruce Schneier,et al. Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.