论文信息 - Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers

Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers

In 1980 Hellman introduced a general technique for breaking arbitrary block ciphers with N possible keys in time T and memory M related by the tradeoff curve TM2 = N2 for 1 ≤ T ≤ N. Recently, Babbage and Golic pointed out that a different TM = N tradeoff attack for 1 ≤ T ≤ D is applicable to stream ciphers, where D is the amount of output data available to the attacker. In this paper we show that a combination of the two approaches has an improved time/memory/data tradeoff for stream ciphers of the form TM2D2 = N2 for any D2 ≤ T ≤ N. In addition, we show that stream ciphers with low sampling resistance have tradeoff attacks with fewer table lookups and a wider choice of parameters.

Alex Biryukov | Adi Shamir | A. Shamir | A. Biryukov

[1] Martin E. Hellman,et al. A cryptanalytic time-memory trade-off , 1980, IEEE Trans. Inf. Theory.

[2] S. Babbage. Improved “exhaustive search” attacks on stream ciphers , 1995 .

[3] Jovan Dj. Golic,et al. Cryptanalysis of Alleged A5 Stream Cipher , 1997, EUROCRYPT.

[4] Alex Biryukov,et al. Real Time Cryptanalysis of A5/1 on a PC , 2000, FSE.