Cryptology ePrint Archive: Report 2011/007

KISS: A Bit Too Simple

Greg Rose

Abstract: KISS (`Keep it Simple Stupid') is an efficient pseudo-random number generator specified by G. Marsaglia and A. Zaman in 1993. G. Marsaglia in 1998 posted a C version to various USENET newsgroups, including \texttt{sci.crypt}. Marsaglia himself has never claimed cryptographic security for the KISS generator, but many others have made the intellectual leap and claimed that it is of cryptographic quality. In this paper we show a number of reasons why the generator does not meet the KISS authors' claims, why it is not suitable for use as a stream cipher, and that it is not cryptographically secure. Our best attack requires about 70 words of generated output and a few hours of computation to recover the initial state.

Category / Keywords: secret-key cryptography / PRNG, stream cipher, cryptanalysis

Publication Info: Might be submitted to SAC'11

Date: received 4 Jan 2011, last revised 20 Oct 2011

Contact author: ggr at qualcomm com

Available format(s): PDF | BibTeX Citation

Note: Minor updates to paper based on recieved comments.

Version: 20111020:134627 (All versions of this report)

Short URL: ia.cr/2011/007

Discussion forum: Show discussion | Start new discussion