Cryptology ePrint Archive: Report 2007/108

An Improved Distinguisher for Dragon

Joo Yeon Cho and Josef Pieprzyk

Abstract: Dragon stream cipher is one of the focus ciphers which have reached Phase 2 of the eSTREAM project. In this paper, we present a new method of building a linear distinguisher for Dragon. The distinguisher is constructed by exploiting the biases of two S-boxes and the modular addition which are basic components of the nonlinear function $F$. The bias of the distinguisher is estimated to be around $2^{-75.32}$ which is better than the bias of the distinguisher presented by Englund and Maximov. We have shown that Dragon is distinguishable from a random cipher by using around $2^{150.6}$ keystream words and $2^{59}$ memory. In addition, we present a very efficient algorithm for computing the bias of linear approximation of modular addition.

Category / Keywords: Stream Ciphers, eSTREAM, Dragon, Modular Addition

Date: received 23 Mar 2007, last revised 10 Jul 2007

Contact author: jooyeon cho at gmail com

Available formats: PDF | BibTeX Citation

Note: A new attack method is described in chapter 4.

Version: 20070710:131019 (All versions of this report)

Discussion forum: Show discussion | Start new discussion