In this paper the applicability of differential cryptanalytic tool to stream ciphers is elaborated using the algebraic representation similar to early Shannon’s postulates regarding the concept of confusion. In 2007, Biham and Dunkelman [3] have formally introduced the concept of differential cryptanalysis in stream ciphers by addressing the three different scenarios of interest. Here we mainly consider the first scenario where the key difference and/or IV difference influence the internal state of the cipher (∆key, ∆IV ) → ∆S. We then show that under certain circumstances a chosen IV attack may be transformed in the key chosen attack. That is, whenever at some stage of the key/IV setup algorithm (KSA) we may identify linear relations between some subset of key and IV bits, and these key variables only appear through these linear relations, then using the differentiation of internal state variables (through chosen IV scenario of attack) we are able to eliminate the presence of corresponding key variables. The method leads to an attack whose complexity is beyond the exhaustive search, whenever the cipher admits exact algebraic description of internal state variables and the keystream computation is not complex. A successful application is especially noted in the context of stream ciphers whose keystream bits evolve relatively slow as a function of secret state bits. A modification of the attack can be applied to the TRIVIUM stream cipher [8], in this case 12 linear relations could be identified but at the same time the same 12 key variables appear in another part of state register. Still, a significant decrease in the degree and complexity of state bit expressions after the KSA is achieved. Computer simulations, currently in progress, will answer the question for what number of initialization rounds the attack is faster than exhaustive search.
[1]
Alex Biryukov,et al.
Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers
,
2000,
ASIACRYPT.
[2]
Adi Shamir,et al.
Cube Attacks on Tweakable Black Box Polynomials
,
2009,
IACR Cryptol. ePrint Arch..
[3]
Claude E. Shannon,et al.
Communication theory of secrecy systems
,
1949,
Bell Syst. Tech. J..
[4]
Palash Sarkar,et al.
New Applications of Time Memory Data Tradeoffs
,
2005,
ASIACRYPT.
[5]
Eli Biham,et al.
Differential cryptanalysis of DES-like cryptosystems
,
1990,
Journal of Cryptology.
[6]
B. Preneel,et al.
Trivium Specifications ?
,
2022
.
[7]
Eli Biham,et al.
Py (Roo): A Fast and Secure Stream Cipher using Rolling Arrays
,
2005,
IACR Cryptol. ePrint Arch..
[8]
Shahram Khazaei,et al.
Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers
,
2008,
AFRICACRYPT.
[9]
Eli Biham,et al.
Differential Cryptanalysis in Stream Ciphers
,
2007,
IACR Cryptol. ePrint Arch..
[10]
Eli Biham,et al.
Differential Fault Analysis of Secret Key Cryptosystems
,
1997,
CRYPTO.
[11]
Mitsuru Matsui,et al.
Linear Cryptanalysis Method for DES Cipher
,
1994,
EUROCRYPT.
[12]
Steve Babbage,et al.
Cryptanalysis of LILI-128
,
2001
.
[13]
Michael Vielhaber.
Breaking ONE.FIVIUM by AIDA an Algebraic IV Differential Attack
,
2007,
IACR Cryptol. ePrint Arch..
[14]
Bart Preneel,et al.
Differential Cryptanalysis of the Stream Ciphers Py, Py6 and Pypy
,
2007,
EUROCRYPT.
[15]
Antoine Joux,et al.
A Chosen IV Attack Against Turing
,
2003,
Selected Areas in Cryptography.
[16]
Thomas Johansson,et al.
A Framework for Chosen IV Statistical Analysis of Stream Ciphers
,
2007,
INDOCRYPT.