A Linear Distinguishing Attack on Scream

A linear distinguishing attack on the stream cipher Scream is proposed. When the keystream is of length $2^{98}$ words, the distinguisher has a detectable advantage. When the keystream length is around $2^{120}$ the advantage is very close to 1. This shows certain weaknesses of Scream. In the process, the paper introduces new general ideas on how to improve the performance of linear distinguishing attacks on stream ciphers.
