On the (In)security of Stream Ciphers Based on Arrays and Modular Addition

Stream ciphers play an important role in symmetric cryptology because of their suitability in high-speed applications where block ciphers fall short. A large number of fast stream ciphers or pseudorandom bit generators (PRBGs) in the literature are based on arrays and simple operations such as modular additions, rotations and memory accesses (e.g. RC4, RC4A, Py, Py6, ISAAC). This paper investigates the security of array-based stream ciphers (or PRBGs) against certain types of distinguishing attacks in a unified way. We argue, counter-intuitively, that the most useful characteristic of an array, namely the association of array elements with unique indices, may turn out to be the origin of distinguishing attacks if adequate caution is not exercised. In short, an adversary may attack a cipher simply by exploiting the dependence of array elements on the corresponding indices. Most importantly, the weaknesses are not eliminated even if the indices and the array elements are made to follow uniform distributions separately. Exploiting these weaknesses we build distinguishing attacks with reasonable advantage on five recent stream ciphers (or PRBGs), namely Py6 (2005, Biham et al.), IA, ISAAC (1996, Jenkins Jr.), NGG and GGHN (2005, Gong et al.), with data complexities 2^68.61, 2^32.89, 2^16.89, 2^32.89 and 2^32.89 respectively. In all cases we worked under the assumption that the key-setup algorithms of the ciphers produced uniformly distributed internal states; we only investigated the mixing of bits in the keystream generation algorithms. In hindsight, we also observe that the previous attacks on other array-based stream ciphers (e.g. Py) can be explained in the general framework developed in this paper. We hope that our analyses will be useful in the evaluation of the security of stream ciphers based on arrays and modular addition.
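The mechanism the abstract describes, an index collision forcing two "independent-looking" addends to be the same array element, can be shown on a deliberately small generator. The following is a constructed illustration added for this page; it is not code from the paper and is not any of the five ciphers it attacks (whose index relations are more involved). The toy generator keeps an array S of N uniformly random W-bit words (assumed here: N = 16, W = 32), draws indices i and j uniformly and independently of S, and outputs z = (S[i] + S[j]) mod 2^W. Following the paper's working assumption of a uniformly distributed internal state, every step draws a fresh uniform array. The O(1/epsilon^2) sample count is the usual rule of thumb for a distinguisher with bias epsilon, not a figure taken from the paper.

```python
# Constructed illustration for this page (not the paper's code, not any of the
# ciphers it attacks): a toy array-based generator shows how an index collision
# combined with modular addition leaves a bias in the keystream even though the
# array words and the indices are each uniformly distributed.
import random

W = 32   # word size in bits (assumption: 32-bit words, as in the RC4-like 32-bit designs)
N = 16   # array length (assumption; kept small so the bias is large and quick to observe)


def keystream_word(S, i, j, w=W):
    """One output of the toy generator: z = (S[i] + S[j]) mod 2^w."""
    return (S[i] + S[j]) & ((1 << w) - 1)


def exact_bias(n):
    """epsilon such that Pr[LSB(z) = 0] = 1/2 + epsilon, for uniform S and uniform i, j.

    If i == j (probability 1/n) both addends are the *same* array element, so
    z = 2*S[i] mod 2^w is even with certainty.  If i != j, S[j] is a uniform word
    independent of S[i], so the LSB of the sum is uniform.  Hence
    Pr[LSB(z) = 0] = (1/n)*1 + (1 - 1/n)*(1/2) = 1/2 + 1/(2n).
    """
    return 1.0 / (2 * n)


def exact_prob_lsb_zero(n):
    return 0.5 + exact_bias(n)


def samples_for_distinguisher(n):
    """Rule-of-thumb data complexity O(1/epsilon^2) for a bias epsilon = 1/(2n)."""
    return int(round(1.0 / exact_bias(n) ** 2))


def estimate_prob_lsb_zero(n, samples, seed=1, w=W):
    """Monte Carlo estimate of Pr[LSB(z) = 0] for the toy generator.

    Modelling assumption (the paper's as well): the internal state is uniformly
    distributed, so each step draws a fresh uniform array S.
    """
    rng = random.Random(seed)
    zeros = 0
    for _ in range(samples):
        S = [rng.getrandbits(w) for _ in range(n)]
        i, j = rng.randrange(n), rng.randrange(n)   # indices uniform and independent of S
        zeros += 1 - (keystream_word(S, i, j, w) & 1)
    return zeros / samples


def estimate_prob_lsb_zero_random(samples, seed=1, w=W):
    """Control: a truly random w-bit stream with no array behind it."""
    rng = random.Random(seed)
    zeros = sum(1 - (rng.getrandbits(w) & 1) for _ in range(samples))
    return zeros / samples


def looks_biased(observed_prob, n):
    """Distinguisher decision: threshold halfway between 1/2 and 1/2 + epsilon."""
    return observed_prob > 0.5 + exact_bias(n) / 2


if __name__ == "__main__":
    samples = 16 * samples_for_distinguisher(N)   # comfortably above the 1/eps^2 estimate
    toy = estimate_prob_lsb_zero(N, samples)
    ctl = estimate_prob_lsb_zero_random(samples)
    print(f"N={N}: predicted Pr[LSB=0] = {exact_prob_lsb_zero(N):.5f}, "
          f"distinguisher needs roughly {samples_for_distinguisher(N)} words")
    print(f"toy generator:  {toy:.5f} -> biased={looks_biased(toy, N)}")
    print(f"random control: {ctl:.5f} -> biased={looks_biased(ctl, N)}")
```

The point to take from the run is that neither the words nor the indices are skewed; the bias comes purely from the fact that equal indices select the identical word, and modular addition then turns that equality into a fixed low bit. Growing N only shrinks the bias to 1/(2N), it does not remove it, which is why the data complexities in the abstract scale with the size of the index space rather than vanishing.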

[1]  Paul Crowley. Improved cryptanalysis of Py. 2006, IACR Cryptol. ePrint Arch.

[2]  Serge Vaudenay, et al. How Far Can We Go Beyond Linear Cryptanalysis? 2004, ASIACRYPT.

[3]  Bartosz Zoltak, et al. VMPC One-Way Function and Stream Cipher. 2004, FSE.

[4]  Bart Preneel, et al. A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher. 2004, FSE.

[5]  Eli Biham, et al. Py (Roo): A Fast and Secure Stream Cipher using Rolling Arrays. 2005, IACR Cryptol. ePrint Arch.

[6]  Scott R. Fluhrer, et al. Statistical Analysis of the Alleged RC4 Keystream Generator. 2000, FSE.

[7]  Hongjun Wu. A New Stream Cipher HC-256. 2004, FSE.

[8]  Jorma Virtamo, et al. Broadband Network Traffic. 1996, Lecture Notes in Computer Science.

[9]  Adi Shamir, et al. A Practical Attack on Broadcast RC4. 2001, FSE.

[10]  Marina Pudovkina. A known plaintext attack on the ISAAC keystream generator. 2001, IACR Cryptol. ePrint Arch.

[11]  Bart Preneel. New European Schemes for Signature, Integrity and Encryption (NESSIE): A Status Report. 2002, Public Key Cryptography.

[12]  Martin Hell, et al. Towards a General RC4-Like Keystream Generator. 2005, CISC.

[13]  Hongjun Wu. Stream Cipher HC-256. 2004.

[14]  Bart Preneel, et al. Distinguishing Attacks on the Stream Cipher Py. 2006, FSE.

[15]  Hongjun Wu, et al. ECRYPT Network of Excellence in Cryptology. 2007.

[16]  Guang Gong, et al. A 32-bit RC4-like Keystream Generator. 2005, IACR Cryptol. ePrint Arch.

[17]  Hongjun Wu. Cryptanalysis of a 32-bit RC4-like Stream Cipher. 2005, IACR Cryptol. ePrint Arch.

[18]  Shai Halevi, et al. Scream: A Software-Efficient Stream Cipher. 2002, FSE.