Distinguishing attack on the stream cipher Sosemanuk

Sosemanuk has successfully been chosen as one of the final stream ciphers by eSTREAM.Although Sosemanuk has attracted great interest,it has not been completely developed.Due to the linear defect in the Sosemanuk stream cipher,a distinguishing attack based on the linear character of the finite state machine(FSM) and Serpent1 was proposed.This method used linear masks by replacing modular additions and Trans functions by exclusive ORs(XORs),transforming the nonlinear functions into linear functions.Then,a distinguisher was built.The results show that the keystream generated in Sosemanuk is distinguishable from a random sequence after observing approximately 2221 bits.