Paper 2009/250

Modifications in the Design of Trivium to Increase its Security Level

Mehreen Afzal and Ashraf Masood

Abstract

Inner state of a stream cipher is said to be as large as necessary but at the same time as small as possible. Trivium, a hardware oriented stream cipher, has been selected for the final portfolio of the eSTREAM project. It offers a security level of 80 bits while it has 288 internal state bits. Owing to its simple algebraic structure, it has been proved experimentally that Trivium can provide only a marginal security level of 80 bits. This article presents some modified versions of Trivium to increase its security level from 80 bits. Our objective is to give a better security level with the same number of internal states without changing much the elegant and simple design philosophy of Trivium. The focus is to make its algebraic structure intricate enough to resist the algebraic attack with guess and determine approach, which can recover its secret internal state bits. We have proposed two possible modifications that can increase its security level without any increase in the number of AND gates. Maximov and Biryukov have proposed a tweaked version of Trivium (Trivium/128) (11), with additional AND gates, to increase the security level to 128 bits. In this article, two other modifications with additional product terms proven to have a better security margin than Trivium/128 are also presented.