Spectral analysis of ZUC-256

In this paper we develop a number of generic techniques and algorithms in spectral analysis of large linear approximations for use in cryptanalysis. We apply the developed tools for cryptanalysis of ZUC-256 and give a distinguishing attack with complexity around $2^{236}$. Although the attack is only $2^{20}$ times faster than exhaustive key search, the result indicates that ZUC-256 does not provide a source with full 256-bit entropy in the generated keystream, which would be expected from a 256-bit key. To the best of our knowledge, this is the first known academic attack on full ZUC-256 with a computational complexity that is below exhaustive key search.
