Mixing Property Tester: A General Framework for Evaluating the Mixing Properties of Initialization of Stream Ciphers

In this paper, a general framework for evaluating the mixing properties of the initialization of stream ciphers, called the Mixing Property Tester (MPT), is proposed and formalized. Based on this framework, we give a concrete and efficient algorithm that computes, for a given stream cipher, the maximum number of initialization rounds after which some internal state bit or generated keystream bit still fails to achieve full mixing. The algorithm runs in linear time and needs a negligible amount of memory. As illustrations, we apply it to the ZUC-128, ZUC-256 and Trivium stream ciphers. The results show that although ZUC-256 has a much larger initial input (key and IV) size than ZUC-128, its mixing properties are almost as good as those of ZUC-128. For Trivium, the tap positions of the keystream output function are not optimal with respect to this tester, and we give better choices of tap positions. As a general cryptanalytic tool, MPT can give designers more insight into the choice of initialization functions and the required number of initialization rounds.
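As an added illustration of the kind of question a mixing tester answers, the following Python example (constructed here; it is not the paper's MPT implementation and not code from its authors) tracks the set of key and IV variables that each Trivium state cell, and the would-be keystream bit, depend on across the 1152 initialization rounds, using the public Trivium specification. It measures plain variable dependence with constant propagation, a much coarser notion than the paper's mixing property, so the round counts it reports are only lower bounds on the round at which full mixing can possibly be reached. The `taps` parameter, which lets the caller swap the six output tap positions, is an exploratory knob added here; the abstract does not list the alternative taps the paper proposes, and none are suggested below.

```python
"""Syntactic variable-dependence tracker for Trivium's initialization.

Constructed example, not the paper's MPT: each of the 288 state cells carries
the set of key/IV variables it depends on (a 160-bit mask) plus a known
constant value when it depends on none. XOR unions the sets; AND unions them
unless one operand is a known constant (0 annihilates, 1 is the identity).
Algebraic cancellation is ignored, so dependence is over-approximated and the
rounds reported are lower bounds on when every bit truly depends on every
variable.
"""

KEY_BITS = 80
IV_BITS = 80
N_VARS = KEY_BITS + IV_BITS
FULL = (1 << N_VARS) - 1
INIT_ROUNDS = 4 * 288                       # Trivium's 1152 blank rounds
SPEC_TAPS = (66, 93, 162, 177, 243, 288)    # 1-indexed cells summed into z

# A cell is (mask, const): const is 0 or 1 only when mask == 0, else None.

def xor(a, b):
    if a[0] == 0 and b[0] == 0:
        return (0, a[1] ^ b[1])
    return (a[0] | b[0], None)

def and_(a, b):
    for x, y in ((a, b), (b, a)):
        if x[0] == 0:                       # constant operand
            return (0, 0) if x[1] == 0 else y
    return (a[0] | b[0], None)

def initial_state():
    """Key -> s1..s80, IV -> s94..s173, ones -> s286..s288, zeros elsewhere."""
    s = [(0, 0)] * 288
    for i in range(KEY_BITS):
        s[i] = (1 << i, None)                       # key bit i = variable i
    for i in range(IV_BITS):
        s[93 + i] = (1 << (KEY_BITS + i), None)     # IV bit i = variable 80+i
    for i in (285, 286, 287):
        s[i] = (0, 1)
    return s

def step(s, taps=SPEC_TAPS):
    """One Trivium clock on symbolic cells; returns (next_state, z).

    z is the keystream bit the current state would emit. `taps` only selects
    which cells are summed into z (a hypothetical knob for exploring other
    output taps); the state update always follows the specification.
    """
    g = lambda i: s[i - 1]                          # 1-indexed cell access
    z = (0, 0)
    for t in taps:
        z = xor(z, g(t))
    t1 = xor(xor(g(66), g(93)), xor(and_(g(91), g(92)), g(171)))
    t2 = xor(xor(g(162), g(177)), xor(and_(g(175), g(176)), g(264)))
    t3 = xor(xor(g(243), g(288)), xor(and_(g(286), g(287)), g(69)))
    # Registers (s1..s93), (s94..s177), (s178..s288) each shift by one.
    return [t3] + s[0:92] + [t1] + s[93:176] + [t2] + s[177:287], z

def popcount(mask):
    return bin(mask).count("1")

def first_full_rounds(taps=SPEC_TAPS, max_rounds=INIT_ROUNDS):
    """Return (state_round, z_round): the first round after which every state
    cell, respectively the keystream bit, depends on all 160 variables.
    An entry is None if that does not happen within max_rounds."""
    s = initial_state()
    state_round = z_round = None
    for r in range(max_rounds + 1):
        nxt, z = step(s, taps)
        if z_round is None and z[0] == FULL:
            z_round = r
        if state_round is None and all(c[0] == FULL for c in s):
            state_round = r
        if state_round is not None and z_round is not None:
            break
        s = nxt
    return state_round, z_round

def z_dependence_profile(rounds, taps=SPEC_TAPS):
    """Number of variables the would-be keystream bit depends on after each
    of rounds 0..rounds of initialization."""
    s = initial_state()
    out = []
    for _ in range(rounds + 1):
        s, z = step(s, taps)
        out.append(popcount(z[0]))
    return out

if __name__ == "__main__":
    state_round, z_round = first_full_rounds()
    print("all 288 state cells depend on all 160 variables after round", state_round)
    print("keystream bit depends on all 160 variables after round", z_round)
    print("z dependence after rounds 0..200:", z_dependence_profile(200)[::20])
```

Because a constant-0 operand is propagated through the AND gates, the model is exact for the loading pattern (the ones in s286..s288 and the zero padding) and only loses precision once cells become genuinely variable; the gap between the round it reports and the 1152 rounds Trivium actually runs is the headroom a finer tester such as MPT would examine.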
