Paper 2007/075
Weaknesses in the Pseudorandom Bit Generation Algorithms of the Stream Ciphers TPypy and TPy
Gautham Sekar, Souradyuti Paul, and Bart Preneel
Abstract
The stream ciphers Py, Py6 were designed by Biham and Seberry for the ECRYPT-eSTREAM project in 2005. However, due to several recent cryptanalytic attacks on them, a strengthened version Pypy was proposed to rule out those attacks. The ciphers have been promoted to the `Focus' ciphers of the Phase II of the eSTREAM project. The impressive speed of the ciphers make them the forerunners in the competition. Unfortunately, even the new cipher Pypy was found to retain weaknesses, forcing the designers to again go for modifications. As a result, three new ciphers TPypy, TPy and TPy6 were built. Among all the members of the Py-family of ciphers, the TPypy is conjectured to be the strongest. So far, there is no known attack on the TPypy. This paper shows that the security of TPypy does not grow exponentially with the key-size. The main achievement of the paper is the detection of input-output correlations of TPypy that allow us to build a distinguisher with $2^{281}$ randomly chosen key/IVs and as many outputwords (each key generating one outputword). The cipher TPypy was claimed by the designers to be secure with keysize up to 256 bytes, i.e., 2048 bits. Our results establish that the TPypy fails to provide adequate security if the keysize is longer than 35 bytes, i.e., 280 bits. Note that the distinguisher is built within the design specifications of the cipher. Because of remarkable similarities between the TPypy and the TPy, our attacks are shown to be effective for TPy also. The paper also points out how the other members of the Py-family (i.e., TPy6, Py6, Pypy and Py6) are also weak against the current and some existing attacks.
Note: Please note that the attacks described in this paper only apply to TPypy, TPy, Pypy and Py; they do not apply to Py6 and TPy6.
Metadata
- Available format(s)
- PDF PS
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- Stream CipherPRBGDistinguishing Attack
- Contact author(s)
- Gautham Sekar @ esat kuleuven be
- History
- 2008-11-29: last of 6 revisions
- 2007-02-28: received
- See all versions
- Short URL
- https://ia.cr/2007/075
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2007/075, author = {Gautham Sekar and Souradyuti Paul and Bart Preneel}, title = {Weaknesses in the Pseudorandom Bit Generation Algorithms of the Stream Ciphers {TPypy} and {TPy}}, howpublished = {Cryptology {ePrint} Archive, Paper 2007/075}, year = {2007}, url = {https://eprint.iacr.org/2007/075} }