### Cryptanalysis of stream ciphers with linear masking

Don Coppersmith, Shai Halevi, and Charanjit Jutla

##### Abstract

We describe a cryptanalytical technique for distinguishing some stream ciphers from a truly random process. Roughly, the ciphers to which this method applies consist of a non-linear process'' (say, akin to a round function in block ciphers), and a linear process'' such as an LFSR (or even fixed tables). The output of the cipher can be the linear sum of both processes. To attack such ciphers, we look for any property of the non-linear process'' that can be distinguished from random. In addition, we look for a linear combination of the linear process that vanishes. We then consider the same linear combination applied to the cipher's output, and try to find traces of the distinguishing property. In this report we analyze two specific distinguishing properties''. One is a linear approximation of the non-linear process, which we demonstrate on the stream cipher SNOW. This attack needs roughly $2^{95}$ words of output, with work-load of about $2^{100}$. The other is a low-diffusion'' attack, that we apply to the cipher Scream-0. The latter attack needs only about $2^{43}$ bytes of output, using roughly $2^{50}$ space and $2^{80}$ time.

Available format(s)
Category
Secret-key cryptography
Publication info
Published elsewhere. extended abstract appears in Crypto'02
Keywords
Hypothesis testingLinear cryptanalysisLinear maskingLow-Diffusion attacksStream ciphers
Contact author(s)
shaih @ watson ibm com
History
2002-06-05: last of 2 revisions
See all versions
Short URL
https://ia.cr/2002/020

CC BY

BibTeX

@misc{cryptoeprint:2002/020,
author = {Don Coppersmith and Shai Halevi and Charanjit Jutla},
title = {Cryptanalysis of stream ciphers with linear masking},
howpublished = {Cryptology ePrint Archive, Paper 2002/020},
year = {2002},
note = {\url{https://eprint.iacr.org/2002/020}},
url = {https://eprint.iacr.org/2002/020}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.