Cryptology ePrint Archive: Report 2009/402

AIDA Breaks BIVIUM (A&B) in 1 Minute Dual Core CPU Time

Michael Vielhaber

Abstract: The stream cipher BIVIUM (both BIVIUM-A and BIVIUM-B), a modification of the eSTREAM finalist TRIVIUM, can be broken completely by the Algebraic IV Differential Attack, AIDA, using $2^{27.5}$ simulations or one minute of dual core processing.

AIDA uses the subspaces of two 32-dimensional vector spaces over subsets of IV bits to recover 56 of the 80 key bits. The remaining 24 key bits are most easily determined by brute force search.

We applied the Fast Reed-Muller Transform to speed up the search for linear equations in the key bits and the Wavefront Model to rule out nonlinear relations in the key bits early on.

Category / Keywords: secret-key cryptography /

Date: received 15 Aug 2009

Contact author: vielhaber at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20090817:122020 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]