In eprint/2012/338 we read:
"for the first time, we propose a general algebraic attack framework on
the multi-output stream ciphers"
But in fact the authors ignore the most basic literature on the topic:
The following paper specifically covers the scenario with multiple
outputs and provides many useful worst-case bounds on the existence of
Algebraic Attacks on Combiners with Memory and Several Outputs,
ICISC 2004, LNCS 3506, pp. 3-20, Springer 2005.
An extended and updated version of this paper is available at
On page 5 we find 4 attack scenarios called S1-S4.
This is highly confusing, because,
please note that a similar notation S12345 was used in the extended version of
Nicolas Courtois, Willi Meier: Algebraic Attacks on Stream Ciphers with
Linear Feedback. Eurocrypt 2003, LNCS 2656, pp. 345-359, Springer.
This is available at [www.nicolascourtois.com
The notation S12345 is also used in extended slides by Courtois which can be found at
The scenario S5 on page 70 is precisely the attack with multiple outputs (and also for augmented functions).
Edited 7 time(s). Last edit at 10-Sep-2012 12:46 by ncourtois.