Paper 2005/244

Theoretical cryptanalysis of the Klimov-Shamir number generator TF-1

Boaz Tsaban

Abstract

The internal state of the Klimov-Shamir number generator TF-1 consists of four words of size w bits each, whereas its intended strength is 2^{2w}. We exploit an asymmetry in its output function to show that the internal state can be recovered after having 2^w outputs, using 2^{1.5w} operations. For w=32 the attack is practical, but for their recommended w=64 it is only of theoretical interest.

Note: We thank Alexander Klimov for his comments.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
T-functionsTF-1
Contact author(s)
boaz tsaban @ weizmann ac il
History
2005-07-30: received
Short URL
https://ia.cr/2005/244
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2005/244,
      author = {Boaz Tsaban},
      title = {Theoretical cryptanalysis of the Klimov-Shamir number generator TF-1},
      howpublished = {Cryptology ePrint Archive, Paper 2005/244},
      year = {2005},
      note = {\url{https://eprint.iacr.org/2005/244}},
      url = {https://eprint.iacr.org/2005/244}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.