Paper 2014/245

A practical state recovery attack on the stream cipher Sablier v1

Xiutao FENG and Fan ZHANG

Abstract

Sablier is an authenticated encryption cipher submitted to the CAESAR competition, which is composed of the encryption Sablier v1 and the authentication \textup{Au}. In this work we present a state recovery attack against the encryption Sablier v1 with time complexity about $2^{44}$ operations and data complexity about 24 of 16-bit keywords. Our attack is practical in the workstation. It is noticed that the update of the internal state of Sablier v1 is invertible, thus our attack can further deduce a key recovery attack and a forgery attack against the authenticated encryption Sablier. The result shows that Sablier v1 is far from the goal of its security design (80-bit level).

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. Minor revision.
Keywords
CAESERstream ciphersSablierstate recovery attack
Contact author(s)
fengxt @ amss ac cn
History
2014-04-18: received
Short URL
https://ia.cr/2014/245
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/245,
      author = {Xiutao FENG and Fan ZHANG},
      title = {A practical state recovery attack on the stream cipher Sablier v1},
      howpublished = {Cryptology ePrint Archive, Paper 2014/245},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/245}},
      url = {https://eprint.iacr.org/2014/245}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.