Paper 2014/245

A practical state recovery attack on the stream cipher Sablier v1

Xiutao FENG and Fan ZHANG


Sablier is an authenticated encryption cipher submitted to the CAESAR competition. It is composed of the encryption Sablier v1 and the authentication Au. In this work we present a state recovery attack against the encryption Sablier v1 with time complexity of about $2^{44}$ operations and data complexity of about 24 keywords of 16 bits each. Our attack is practical on a workstation. We note that the update of the internal state of Sablier v1 is invertible, so our attack further yields a key recovery attack and a forgery attack against the authenticated encryption Sablier. The result shows that Sablier v1 falls far short of its security design goal (80-bit level).

Category
Secret-key cryptography
Publication info
Preprint. Minor revision.
Keywords
CAESAR, stream ciphers, Sablier, state recovery attack
Contact author(s)
fengxt @ amss ac cn
2014-04-18: received
Creative Commons Attribution


      author = {Xiutao FENG and Fan ZHANG},
      title = {A practical state recovery attack on the stream cipher Sablier v1},
      howpublished = {Cryptology ePrint Archive, Paper 2014/245},
      year = {2014},
      note = {\url{}},
      url = {}