Cryptology ePrint Archive: Report 2014/245
A practical state recovery attack on the stream cipher Sablier v1
Xiutao FENG and Fan ZHANG
Abstract: Sablier is an authenticated encryption cipher submitted to the CAESAR competition; it is composed of the encryption Sablier v1 and the authentication Au. In this work we present a state recovery attack against the encryption Sablier v1 with time complexity of about $2^{44}$ operations and data complexity of about 24 16-bit keywords. Our attack is practical on a workstation. We note that the update of the internal state of Sablier v1 is invertible, so our attack further yields a key recovery attack and a forgery attack against the authenticated encryption Sablier. The result shows that Sablier v1 falls far short of its design goal of 80-bit security.
Category / Keywords: secret-key cryptography / CAESAR, stream ciphers, Sablier, state recovery attack
Date: received 6 Apr 2014
Contact author: fengxt at amss ac cn
Version: 20140418:072816
Short URL: ia.cr/2014/245