Paper 2007/108

An Improved Distinguisher for Dragon

Joo Yeon Cho and Josef Pieprzyk

Abstract

The Dragon stream cipher is one of the focus ciphers that have reached Phase 2 of the eSTREAM project. In this paper, we present a new method of building a linear distinguisher for Dragon. The distinguisher is constructed by exploiting the biases of two S-boxes and the modular addition, which are basic components of the nonlinear function $F$. The bias of the distinguisher is estimated to be around $2^{-75.32}$, which is better than the bias of the distinguisher presented by Englund and Maximov. We have shown that Dragon is distinguishable from a random cipher by using around $2^{150.6}$ keystream words and $2^{59}$ memory. In addition, we present a very efficient algorithm for computing the bias of linear approximations of modular addition.

Note: A new attack method is described in chapter 4.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
Stream Ciphers, eSTREAM, Dragon, Modular Addition
Contact author(s)
jooyeon cho @ gmail com
History
2007-07-10: last of 2 revisions
2007-03-26: received
Short URL
https://ia.cr/2007/108
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/108,
      author = {Joo Yeon Cho and Josef Pieprzyk},
      title = {An Improved Distinguisher for Dragon},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/108},
      year = {2007},
      url = {https://eprint.iacr.org/2007/108}
}