## Cryptology ePrint Archive: Report 2014/245

A practical state recovery attack on the stream cipher Sablier v1

Xiutao FENG and Fan ZHANG

Abstract: Sablier is an authenticated encryption cipher submitted to the CAESAR competition, which is composed of the encryption Sablier v1 and the authentication \textup{Au}. In this work we present a state recovery attack against the encryption Sablier v1 with time complexity about $2^{44}$ operations and data complexity about 24 of 16-bit keywords. Our attack is practical in the workstation. It is noticed that the update of the internal state of Sablier v1 is invertible, thus our attack can further deduce a key recovery attack and a forgery attack against the authenticated encryption Sablier. The result shows that Sablier v1 is far from the goal of its security design (80-bit level).

Category / Keywords: secret-key cryptography / CAESER, stream ciphers, Sablier, state recovery attack