Cryptology ePrint Archive: Report 2021/1047

A Correlation Attack on Full SNOW-V and SNOW-Vi

Zhen Shi and Chenhui Jin and Jiyan Zhang and Ting Cui and Lin Ding

Abstract: In this paper, a method for searching correlations between the binary stream of LFSR and the keystream of SNOW-V and SNOW-Vi is presented based on the techniques of composite function. With the aid of the linear relationship between the four taps of LFSR inputting to FSM at three consecutive clocks, we present an automatic search model based on the SAT/SMT technique and search out a binary linear approximation with a correlation 2^{-49.54}. Applying such approximation, we provide a correlation attack on SNOW-V with an expected time complexity 2^{248.81}, a memory complexity 2^{240} and 2^{240} keystream words generated by the same key and IV. For SNOW-Vi, we provide a binary linear approximation with the same correlation and mount a correlation attack with the same complexity as that of SNOW-V. The results indicate that neither of SNOW-V and SNOW-Vi can guarantee the 256-bit security level if the design constraint that the maximum of keystream length for a single pair of key and IV is less than 2^{64} is ignored.

Category / Keywords: secret-key cryptography / SNOW-V; SNOW-Vi; Cryptanalysis, Linear Approxima- tion; Automatic Search.

Date: received 12 Aug 2021

Contact author: shizhenieu at 126 com

Available format(s): PDF | BibTeX Citation

Version: 20210816:131253 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]