Cryptanalysis of Sosemanuk and SNOW 2.0 Using Linear Masks

In this paper, we present a correlation attack on Sosemanuk with complexity less than 2^150. Sosemanuk is a software-oriented stream cipher proposed by Berbain et al. to the eSTREAM call for stream ciphers and has been selected in the final portfolio. Sosemanuk consists of a linear feedback shift register (LFSR) of ten 32-bit words and a finite state machine (FSM) of two 32-bit words. By combining linear approximation relations regarding the FSM update function, the FSM output function and the keystream output function, it is possible to derive linear approximation relations with correlation -2^-21.41 involving only the keystream words and the LFSR initial state. Using such linear approximation relations, we mount a correlation attack with complexity 2^147.88 and success probability 99% to recover the initial internal state of 384 bits. We also mount a correlation attack on SNOW 2.0 with complexity 2^204.38.
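The abstract relies on linear approximation relations with a measurable correlation; the building block behind such relations in SNOW 2.0 and Sosemanuk is a linear mask applied across modular addition in the FSM. The following added example (not from the paper) computes the exact correlation of a masked approximation of addition modulo 2^n by exhaustion, using an 8-bit word size so the enumeration stays small, and gives the first-order estimate of how many keystream samples a correlation of a given magnitude needs:

```python
from itertools import product


def dot(mask: int, value: int) -> int:
    """GF(2) inner product mask . value, i.e. parity of the bitwise AND."""
    return bin(mask & value).count("1") & 1


def add_correlation(n: int, alpha: int, beta: int, gamma: int) -> float:
    """Exact correlation of the linear approximation
         gamma . ((x + y) mod 2^n)  =  alpha . x  xor  beta . y
    over all 2^(2n) input pairs. n is the word size (8 here for
    exhaustive enumeration; the ciphers use 32-bit words)."""
    mod = 1 << n
    agree = 0
    for x, y in product(range(mod), repeat=2):
        lhs = dot(gamma, (x + y) % mod)
        rhs = dot(alpha, x) ^ dot(beta, y)
        agree += lhs == rhs
    # correlation = Pr[relation holds] - Pr[relation fails]
    return 2 * agree / (mod * mod) - 1


def log2_data_complexity(log2_abs_corr: float) -> float:
    """First-order estimate: detecting a correlation c takes about 1/c^2
    samples, so log2 of the sample count is -2 * log2|c|."""
    return -2 * log2_abs_corr


if __name__ == "__main__":
    # LSB mask: no carry enters bit 0, so the relation always holds.
    print(add_correlation(8, 0x01, 0x01, 0x01))   # 1.0
    # Bit-1 mask: fails exactly when the carry out of bit 0 is set (1/4).
    print(add_correlation(8, 0x02, 0x02, 0x02))   # 0.5
    # Mismatched masks leave an independent uniform bit: no correlation.
    print(add_correlation(8, 0x01, 0x01, 0x02))   # 0.0
    # The abstract's correlation magnitude 2^-21.41 for the combined relation.
    print(log2_data_complexity(-21.41))           # 42.82
```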
