In this paper we present a new approach to TMTO attacks against stream ciphers using a publicly known initial value (IV): We suggest not to treat the IV as part of the secret key material (as done in current attacks), but rather to choose in advance some IVs and apply a TMTO attack to streams produced using these IVs. We show that while the obtained tradeoff curve is identical to the curve obtained by the current approach, the new technique allows to mount the TMTO attack in a larger variety of settings. For example, if both the secret key and the IV are of length n, it is possible to mount an attack with data, time, and memory complexities of 2^{4n/5}, while in the current approach, either the time complexity or the memory complexity is not less than 2^n. We conclude that if the IV length of a stream cipher is less than 1.5 times the key length, there exists an attack on the cipher with data, time, and memory complexities less than the complexity of exhaustive key search.
Category / Keywords: secret-key cryptography / Time-Memory-Data Tradeoff attacks, Stream ciphers, IV initialization Publication Info: This is the full version of a paper to appear in IPL Date: received 16 Jul 2008, last revised 16 Jul 2008 Contact author: orr dunkelman at ens fr Available formats: PDF | BibTeX Citation Version: 20080727:155310 (All versions of this report) Discussion forum: Show discussion | Start new discussion