Cryptology ePrint Archive: Report 2005/244

Theoretical cryptanalysis of the Klimov-Shamir number generator TF-1

Boaz Tsaban

Abstract: The internal state of the Klimov-Shamir number generator TF-1 consists of four words of size w bits each, whereas its intended strength is 2^{2w}. We exploit an asymmetry in its output function to show that the internal state can be recovered after having 2^w outputs, using 2^{1.5w} operations. For w=32 the attack is practical, but for their recommended w=64 it is only of theoretical interest.

Category / Keywords: secret-key cryptography / T-functions, TF-1

Date: received 25 Jul 2005, last revised 26 Jul 2005

Contact author: boaz tsaban at weizmann ac il

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: We thank Alexander Klimov for his comments.

Version: 20050730:162618 (All versions of this report)

Short URL: ia.cr/2005/244

Discussion forum: Show discussion | Start new discussion