Paper 2021/544

Improved guess-and-determine and distinguishing attacks on SNOW-V

Jing Yang, Thomas Johansson, and Alexander Maximov

Abstract

In this paper, we investigate the security of SNOW-V, demonstrating two guess-and-determine (GnD) attacks against the full version with complexities $2^{384}$ and $2^{378}$, respectively, and one distinguishing attack against a reduced variant with complexity $2^{303}$. Our GnD attacks use enumeration with recursion to explore valid guessing paths, and try to truncate as many invalid guessing paths as possible at early stages of the recursion by carefully designing the order of guessing. In our first GnD attack, we guess three 128-bit state variables, determine the remaining four according to four consecutive keystream words. We finally use the next three keystream words to verify the correct guess. The second GnD attack is similar but exploits one more keystream word as side information helping to truncate more guessing paths. Our distinguishing attack targets a reduced variant where 32-bit adders are replaced with exclusive-OR operations. The samples can be collected from short keystream sequences under different (key, IV) pairs. These attacks do not threaten SNOW-V, but provide more in-depth details for understanding its security and give new ideas for cryptanalysis of other ciphers.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in FSE 2022
Keywords
SNOW-VGuess-and-determine attackDistinguishing attack
Contact author(s)
alexander maximov @ ericsson com
History
2021-08-27: last of 2 revisions
2021-04-27: received
See all versions
Short URL
https://ia.cr/2021/544
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/544,
      author = {Jing Yang and Thomas Johansson and Alexander Maximov},
      title = {Improved guess-and-determine and distinguishing attacks on {SNOW}-V},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/544},
      year = {2021},
      url = {https://eprint.iacr.org/2021/544}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.