You are looking at a specific version 20210427:061034 of this paper. See the latest version.

Paper 2021/546

Distinguishing and Key Recovery Attacks on the Reduced-Round SNOW-V

Jin Hoki and Takanori Isobe and Ryoma Ito and Fukang Liu and Kosei Sakamoto

Abstract

This paper proposes distinguishing and key recovery attacks on the reduced-round versions of the SNOW-V stream cipher. First, we construct a MILP model to search for integral characteristics using the division property, and find the best integral distinguisher in the 3-, 4-, and 5-round versions with time complexities of \(2^8\), \(2^{16}\), and \(2^{48}\), respectively. Next, we construct a bit-level MILP model to efficiently search for differential characteristics, and find the best differential characteristics in the 3- and 4-round versions. These characteristics lead to the 3- and 4-round differential distinguishers with time complexities of \(2^{48}\) and \(2^{103}\), respectively. Then, we consider single-bit and dual-bit differential cryptanalysis, which is inspired by the existing study on Salsa and ChaCha. By carefully choosing the IV values and differences, we observe the best bit-wise differential biases with \(2^{−1.733}\) and \(2^{−17.934}\) in the 4- and 5-round versions, respectively. This is feasible to construct a very practical distinguisher with a time complexity of \(2^{4.466}\) for the 4-round version, and a distinguisher with a time complexity of at least \(2^{36.868}\) for the 5-round version. Finally, we improve the existing differential attack based on probabilistic neutral bits, which is also inspired by the existing study on Salsa and ChaCha. As a result, we present the best key recovery attack on the 4-round version with a time complexity of \(2^{153.97}\) and data complexity of \(2^{26.96}\). Consequently, we significantly improve the existing best attacks in the initialization phase by the designers.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Major revision. ACISP 2021
Keywords
SNOWStream cipher5G · Integral attackDifferential attackProbabilistic Neutral Bits (PNB)
Contact author(s)
takanori isobe @ ai u-hyogo ac jp,itorym @ nict go jp
History
2022-01-12: last of 3 revisions
2021-04-27: received
See all versions
Short URL
https://ia.cr/2021/546
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.