A Complete Divide and Conquer Attack on the Alpha1 Stream Cipher

Alpha1 is a stream cipher with a 128-bit key. It was proposed as a replacement for the stream cipher A5 to provide confidentiality in mobile communication systems. Alpha1 consists of four binary linear feedback shift registers. Previous attacks on Alpha1 recover only the initial state of the shortest register. In this paper we present a complete divide and conquer attack: it starts with an improved attack on the shortest register and then continues to recover the remaining three registers. Although Alpha1 is a 128-bit stream cipher, the full key can be recovered with this divide and conquer attack with complexity 2^61, far below the 2^128 implied by the key size, using 35,000 bits of known plaintext.
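The divide and conquer idea in the abstract, as an added illustration that is not part of the paper: a toy three-register Geffe-style combiner with register lengths 5, 7 and 9 (the taps, the combining function and the secret states are all constructed for the demo and are not Alpha1's; this page does not describe Alpha1's register lengths, clocking or combining function, so nothing here should be read as Alpha1 itself). Each register that is correlated with the keystream is recovered on its own by exhaustive search over its 2^L states, ranked by agreement with the known keystream; the last register is then pinned down exactly given the other two. The cost is 2^5 + 2^7 + 2^9 candidate trials instead of 2^21, the same kind of gap the abstract reports between 2^61 and 2^128.

```python
# Added illustration: divide-and-conquer correlation attack on a constructed
# three-LFSR Geffe-style combiner.  This is NOT Alpha1 (its registers, clocking
# and combiner are not described on this page); it only shows the attack shape.

def lfsr_stream(state, length, taps, n):
    """Fibonacci LFSR over GF(2).

    state : nonzero integer, bit i holds s[i]; bit 0 is the output bit.
    taps  : feedback mask; new bit = parity(state & taps), shifted in at the top.
    Returns the first n output bits as a list of 0/1.
    """
    out = []
    for _ in range(n):
        out.append(state & 1)
        fb = bin(state & taps).count("1") & 1
        state = (state >> 1) | (fb << (length - 1))
    return out

# Toy registers (length, taps).  The taps realise the primitive trinomials
# x^5 + x^2 + 1, x^7 + x + 1 and x^9 + x^4 + 1, so every nonzero state yields a
# maximal-length sequence.  Total "key" size of the toy: 5 + 7 + 9 = 21 bits.
REGS = [(5, 0b00101), (7, 0b0000011), (9, 0b000010001)]

def combine(x1, x2, x3):
    """Geffe combiner: z = x1 if x2 else x3.
    Pr[z = x1] = Pr[z = x3] = 3/4 but Pr[z = x2] = 1/2, so registers 1 and 3
    leak through the keystream while register 2 does not."""
    return x1 if x2 else x3

def keystream(states, n):
    streams = [lfsr_stream(s, L, t, n) for s, (L, t) in zip(states, REGS)]
    return [combine(a, b, c) for a, b, c in zip(*streams)]

def agreement(a, b):
    return sum(u == v for u, v in zip(a, b))

def recover_correlated(reg, z):
    """Attack one register in isolation: 2^L candidates, keep the state whose
    output agrees most often with the known keystream (about 3/4 of the bits
    for the right state, about 1/2 for any wrong one)."""
    L, taps = REGS[reg]
    n = len(z)
    return max(range(1, 1 << L),
               key=lambda s: agreement(lfsr_stream(s, L, taps, n), z))

def recover_remaining(z, s1, s3):
    """With registers 1 and 3 known, register 2 is fixed exactly: wherever
    x1 != x3 the keystream bit reveals x2, so only the true state survives."""
    n = len(z)
    x1 = lfsr_stream(s1, REGS[0][0], REGS[0][1], n)
    x3 = lfsr_stream(s3, REGS[2][0], REGS[2][1], n)
    L, taps = REGS[1]
    for s in range(1, 1 << L):
        x2 = lfsr_stream(s, L, taps, n)
        if all(combine(a, b, c) == zz for a, b, c, zz in zip(x1, x2, x3, z)):
            return s
    return None

def divide_and_conquer(z):
    """Shortest correlated register first, then the other correlated one,
    then the remaining register by exact consistency with the keystream."""
    s1 = recover_correlated(0, z)
    s3 = recover_correlated(2, z)
    s2 = recover_remaining(z, s1, s3)
    return (s1, s2, s3)

def exhaustive_cost():
    """Trials for guessing all registers at once: 2^(5+7+9)."""
    return 2 ** sum(L for L, _ in REGS)

def divide_and_conquer_cost():
    """Trials when each register is attacked separately: 2^5 + 2^7 + 2^9."""
    return sum(2 ** L for L, _ in REGS)

if __name__ == "__main__":
    secret = (0b10110, 0b1011001, 0b100110101)   # constructed toy key
    z = keystream(secret, 400)                    # 400 known keystream bits
    print("recovered:", divide_and_conquer(z) == secret)
    print("trials: %d vs %d" % (divide_and_conquer_cost(), exhaustive_cost()))
```

The amount of known keystream matters in the same way the abstract's 35,000 bits do: the correlation step needs enough bits for the right candidate's agreement (about 3/4 of them) to stand clear of the best wrong candidate (about 1/2 plus statistical noise), which is why the demo uses 400 bits rather than a few dozen.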
