Paper 2019/1352

Spectral analysis of ZUC-256

Jing Yang, Thomas Johansson, and Alexander Maximov


In this paper we develop a number of generic techniques and algorithms in spectral analysis of large linear approximations for use in cryptanalysis. We apply the developed tools for cryptanalysis of ZUC-256 and give a distinguishing attack with complexity around $2^{236}$. Although the attack is only $2^{20}$ times faster than exhaustive key search, the result indicates that ZUC-256 does not provide a source with full 256-bit entropy in the generated keystream, which would be expected from a 256-bit key. To the best of our knowledge, this is the first known academic attack on full ZUC-256 with a computational complexity that is below exhaustive key search.

Available format(s)
Secret-key cryptography
Publication info
Published by the IACR in FSE 2020
ZUC-256Stream Cipher5G Mobile System Security
Contact author(s)
alexander maximov @ ericsson com
2020-02-19: revised
2019-11-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Jing Yang and Thomas Johansson and Alexander Maximov},
      title = {Spectral analysis of ZUC-256},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1352},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.