FResCA: A Fault-Resistant Cellular Automata Based Stream Cipher
|
|
- Marsha McDonald
- 5 years ago
- Views:
Transcription
1 FResCA: A Fault-Resistant Cellular Automata Based Stream Cipher Jimmy Jose 1,2 Dipanwita Roy Chowdhury 1 1 Crypto Research Laboratory, Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, India 2 Department of Computer Science and Engineering, National Institute of Technology Calicut, India September 5, 2016 Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
2 estream project estream project [1] - an effort to find out compact efficient stream ciphers divided into two categories: software oriented fast encryption in software hardware oriented fast encryption with less hardware Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
3 ACRI 2014 Trivium cipher is a hardware oriented estream finalist Inapplicability of fault attacks against Trivium on a cellular automata based stream cipher was shown in ACRI 2014 [2] Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
4 Fault Resistant Cipher Grain, another hardware oriented estream finalist, is vulnerable to fault attacks [3, 4] We have shown that 4-neighbourhood CA has good cryptographic properties [5] We design a fault-resistant 4-neighbourhood CA based Grain-like cipher Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
5 Fault-Resistant CA Based Stream Cipher - FResCA 4-neighbourhood Nonlinear Uniform CA 3-neighbourhood Linear Maximum Length CA 8 8 Highly Nonlinear Mixing Function (NMIX) i Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
6 FResCA intialisation 4-neighbourhood Nonlinear Uniform CA 3-neighbourhood Linear Maximum Length CA 8 8 Highly Nonlinear Mixing Function (NMIX) Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
7 FResCA - Nonlinear Block Rule 43350: q i (t + 1) = q i 2 (t) q i+1 (t) (q i 1 (t) + q i (t)) Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
8 FResCA - Rule q 1 q i-2 q i-1 q i q i+1 q 128 OR XOR Rule 43350: q i (t + 1) = q i 2 (t) q i+1 (t) (q i 1 (t) + q i (t)) Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
9 FResCA - Linear Block Rule 90: q i (t + 1) = q i 1 (t) q i+1 (t) Rule 150: q i (t + 1) = q i 1 (t) q i (t) q i+1 (t) Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
10 Nonlinear Mixing Block nonlinear mixing is achieved by using NMIX function [6] two n-bit inputs X = (x n 1 x n 2 x 0 ), Y = (y n 1 y n 2 y 0 ), and output Z = (z n 1 z n 2 z 0 ) z i x i y i c i 1 c i x 0 y 0 x i y i x i 1 x i y i 1 y i and x 1 = y 1 = c 1 = 0, 0 i n 1 c i - carry term propagated from i-th bit position to (i + 1)-st bit position Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
11 Working - FResCA cipher initialisation phase 32 cycles taps positions 1, 22, 43, 64, 65, 86, 107, and cycles sufficient for all the 256 state bits to influence the cipher output Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
12 Nonlinear Mixing Block nonlinear bits - (b 1,, b 128 ) linear bits - (s 1,, s 128 ) z 1 = b 128 s 128 b 1 s 1 b 22 s 22 b 43 s 43 b 64 s 64 b 65 s 65 b 86 s 86 b 107 s 107 b 86 b 107 s 86 s variables from the nonlinear block and 8 variables from the linear block nonlinearity correlation immunity - 1 resiliency - 1 algebraic degree - 2 Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
13 Nonlinear Mixing Block z 2 = b 126 b 127 b 128 s 127 (b 1 s 1 ) (b 1 s 2 ) (b 105 b 84 ) (b 105 b 85 ) (b 105 b 86 ) (b 105 b 87 ) (b 105 s 106 ) (b 105 s 108 ) (b 106 b 84 ) (b 106 b 85 ) (b 106 b 86 ) (b 106 b 87 ) (b 106 s 106 ) (b 106 s 108 ) (b 107 b 84 ) (b 107 b 85 ) (b 107 b 86 ) (b 107 b 87 ) (b 107 s 106 ) (b 107 s 108 ) (b 108 b 84 ) (b 108 b 85 ) (b 108 b 86 ) (b 108 b 87 ) (b 108 s 106 ) (b 108 s 108 ) (b 127 b 128 ) (b 2 s 1 ) (b 2 s 2 ) (b 20 s 21 ) (b 20 s 23 ) (b 21 s 21 ) (b 21 s 23 ) (b 22 s 21 ) (b 22 s 23 ) (b 23 s 21 ) (b 23 s 23 ) (b 41 s 42 ) (b 41 s 44 ) (b 42 s 42 ) (b 42 s 44 ) (b 43 s 42 ) (b 43 s 44 ) (b 44 s 42 ) (b 44 s 44 ) (b 62 s 63 ) (b 62 s 65 ) (b 63 s 63 ) (b 63 s 64 ) (b 63 s 65 ) (b 63 s 66 ) (b 64 s 63 ) (b 64 s 64 ) (b 64 s 65 ) (b 64 s 66 ) (b 65 s 63 ) (b 65 s 64 ) (b 65 s 65 ) (b 65 s 66 ) (b 66 s 64 ) (b 66 s 66 ) (b 84 s 85 ) (b 84 s 87 ) (b 85 s 85 ) (b 85 s 87 ) (b 86 s 85 ) (b 86 s 87 ) (b 87 s 85 ) (b 87 s 87 ) (s 106 s 85 ) (s 106 s 87 ) (s 108 s 85 ) (s 108 s 87 ) (b 105 b 85 b 86 ) (b 106 b 107 b 84 ) (b 106 b 107 b 85 ) (b 106 b 107 b 86 ) (b 106 b 107 b 87 ) (b 106 b 107 s 106 ) (b 106 b 107 s 108 ) (b 106 b 85 b 86 ) (b 107 b 85 b 86 ) (b 108 b 85 b 86 ) (b 21 b 22 s 21 ) (b 21 b 22 s 23 ) (b 42 b 43 s 42 ) (b 42 b 43 s 44 ) (b 63 b 64 s 63 ) (b 63 b 64 s 65 ) (b 64 b 65 s 64 ) (b 64 b 65 s 66 ) (b 85 b 86 s 85 ) (b 85 b 86 s 87 ) (b 106 b 107 b 85 b 86 ) Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
14 Nonlinear Mixing Block z 2 contains 26 variables from the nonlinear block and 15 variables from the linear block algebraic degree increases from 2 to 4 Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
15 Security of FResCA Meier-Staffelbach Attack Exploits the many-to-one mapping from the right-hand initial states to the temporal sequence or its right adjacent sequence We have shown a class of 4-neighbourhood CA resists the attack [5]. The nonlinear rule of the cipher is from that class. Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
16 Security of FResCA Linear Attacks Derives linear approximations from the nonlinear relationships in the cipher First output bit in initialisation phase has nonlinearity Nonlinearity increases with each iteration. Keystreams available from 33rd iteration only. Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
17 Security of FResCA Correlation Attacks Exploit the statistical weakness of the Boolean function Nonlinear CA rule exhibits good correlation immunity. NMIX function guarantees correlation immunity and balancedness. Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
18 Security of FResCA Algebraic Attack Forms a system of multivariate equations. They are eventually solved to break the system Ciphers having higher algebraic degree in their Boolean function are resistant to these attacks. Rate of increase in algebraic degree is high with each iteration in the cipher. Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
19 Security of FResCA Scan-Based Side Channel Attacks The reversibility of the algorithm is used to retrieve the key. The combination of nonlinear and linear CA rules makes the cipher non-reversible. Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
20 NIST test NIST test suite [7] is used for testing the randomness of the sequences generated by pseudo-random sequence generators. Here, two key-iv pairs used. They are Key: 0xFEDCBA ABCDEF IV : 0x ABCDEFFEDCBA and Key: 0x ABCDEFFEDCBA IV : 0xFEDCBA ABCDEF Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
21 NIST test 0.1 billion keystream bits are generated. The keystream is given as input to the test suite. The test suite was allowed to partition the input into 100 bitstreams where each bitstream contains 1 million bits. Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
22 NIST test Table: NIST Test Results - FResCA with first key-iv pair Test P-val 1 Proportion 2 Test P-val Proportion Frequency /100 OverlappingTemplate /100 Block Frequency /100 Universal /100 Cumulative Sums* /100 Approximate Entropy /100 Runs /100 RandomExcursions* /50 Longest Run /100 RandomExcursionsVariant* /50 Rank /100 Serial* /100 FFT /100 LinearComplexity /100 NonOverlappingTemp.* /100 *Note: In case of tests with more than one subset, the one with lowest proportion is shown here. F corresponds to failure. 1 probability that a perfect RNG should have generated a sequence which is less random than the sequence under test 2 proportion of the sequence that pass the test Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
23 NIST test Table: NIST Test Results - FResCA with second key-iv pair Test P-val Proportion Test P-val Proportion Frequency /100 OverlappingTemplate /100 Block Frequency /100 Universal /100 Cumulative Sums* /100 Approximate Entropy /100 Runs /100 RandomExcursions* /57 Longest Run /100 RandomExcursionsVariant* /57 Rank /100 Serial* /100 FFT /100 LinearComplexity /100 NonOverlappingTemp.* /100 *Note: In case of tests with more than one subset, the one with lowest proportion is shown here. F corresponds to failure. Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
24 NIST test Table: NIST Test Results - variant of FResCA with first key-iv pair Test P-val Proportion Test P-val Proportion Frequency /100 OverlappingTemplate /100 Block Frequency /100 Universal /100 Cumulative Sums* /100 Approximate Entropy /100 Runs /100 RandomExcursions* /60 Longest Run /100 RandomExcursionsVariant* /60 Rank /100 Serial* /100 FFT /100 LinearComplexity /100 NonOverlappingTemp.* /100 *Note: In case of tests with more than one subset, the one with lowest proportion is shown here. F corresponds to failure. Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
25 NIST test Table: NIST Test Results - variant of FResCA with second key-iv pair Test P-val Proportion Test P-val Proportion Frequency /100 OverlappingTemplate /100 Block Frequency /100 Universal /100 Cumulative Sums* /100 Approximate Entropy /100 Runs /100 RandomExcursions* /62 Longest Run /100 RandomExcursionsVariant* /62 Rank /100 Serial* /100 FFT /100 LinearComplexity /100 NonOverlappingTemp.* F F *Note: In case of tests with more than one subset, the one with lowest proportion is shown here. F corresponds to failure. Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
26 NIST test Table: NIST Test Results - Comparison of FResCA and NOCAS with first key-iv pair FResCA NOCAS Test P-val Proportion P-val Proportion Frequency / /100 Block Frequency / /100 Cumulative Sums* / /100 Runs / /100 Longest Run / /100 Rank / /100 FFT / /100 NonOverlappingTemp.* /100 F F OverlappingTemplate / /100 Universal / /100 Approximate Entropy / /100 RandomExcursions* / /68 RandomExcursionsVariant* / /68 Serial* / /100 LinearComplexity / /100 *Note: In case of tests with more than one subset, the one with lowest proportion is shown here. F corresponds to failure. Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
27 NIST test Table: NIST Test Results - Comparison of FResCA and NOCAS with second key-iv pair FResCA NOCAS Test P-val Proportion P-val Proportion Frequency / /100 Block Frequency / /100 Cumulative Sums* / /100 Runs / /100 Longest Run / /100 Rank / /100 FFT / /100 NonOverlappingTemp.* /100 F F OverlappingTemplate / /100 Universal / /100 Approximate Entropy / /100 RandomExcursions* / /64 RandomExcursionsVariant* / /64 Serial* / /100 LinearComplexity / /100 *Note: In case of tests with more than one subset, the one with lowest proportion is shown here. F corresponds to failure. Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
28 Grain-128 g(x) f(x) NFSR LFSR h(x) Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
29 Grain-128 LFSR - (s i, s i+1,, s i+127 ) NFSR - (b i, b i+1,, b i+127 ) s i+128 = s i s i+7 s i+38 s i+70 s i+81 s i+96. b i+128 = s i b i b i+26 b i+56 b i+91 b i+96 b i+3 b i+67 b i+11 b i+13 b i+17 b i+18 b i+27 b i+59 b i+40 b i+48 b i+61 b i+65 b i+68 b i+84. h = b i+12 s i+8 s i+13 s i+20 b i+95 s i+42 s i+60 s i+79 b i+12 b i+95 s i+95. z i = b i+2 b i+15 b i+36 b i+45 b i+64 b i+73 b i+89 h s i+93. Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
30 Injecting Fault into Linear Block of Grain [3] Attack Description finds out fault location by analysing keystream difference bits output z i contains s i+13 s i+20 and s i+60 s i+79 terms. If fault injected at position 60, output difference gives the value of s 79. Each LFSR bit revealed in this way. Generates linear equations involving NFSR bits from the regular keystream. Grain reversible, runs backward to reveal the key. Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
31 Injecting Fault into Linear Block of Grain (continued) Prevention in FResCA fault position determination fails. A single 1 in the register generates more 1 s in different cell positions with each iteration In Grain, number of LFSR bits recovered depends on fault location and number of iterations after the fault injection In FResCA, fault gets dissipated to more and more neighbours with each iteration In Grain, more iterations produce more linear equations In FResCA, more iterations not fruitful as fault start mixing with more and more neighbours combination of nonlinear and linear CA rules makes FResCA non-reversible Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
32 Injecting Fault into Nonlinear Block of Grain[4] Attack Description For a large number of key-iv pairs, b-bits provide unique keystream difference sequence for a particular fault position thereby revealing the fault position Fault Traces Table contains the list of corrupted bit locations after t iterations on fault injection at location f Equation for b 128 contains seven terms of the form b m b n. Fault in m will reveal b n.linear b-terms in z i gives more linear equations to determine LFSR bits, b i+12 s i+8, b i+95 s i+42, b i+12 b i+95 s i+95 in z i are exploited Grain run backwards to get the key Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
33 Injecting Fault into Nonlinear Block of Grain (continued) Prevention in FResCA Fault propagation depends on the nonlinear CA rule and is propagated to neighbouring cells. Fast diffusion prevents unique pattern corresponding to a fault location. Computed fault traces look random No feedback path. Equation corresponding to b 128 absent. In Grain, 7 single b-bit output taps - b 2, b 15, b 36, b 45, b 64, b 73, b 89. But only one b 128 in FResCA. we cannot move a fault into single bit output tap Fault Traces Table cannot be created to find LFSR bits, fault propagated to specific positions (b m s n ) of NFSR without corrupting other b bits of z i in Grain which is not possible in FResCA. FResCA not reversible Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
34 Summary designed a fault-resistant 4-neighbourhood CA based Grain-like cipher Cipher initialisation 8 times faster than Grain strong against different attacks, in particular, fault attacks experimental results show cipher s robustness Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
35 References The Estream Project, accessed 30 August 2016, Jose, J., Das, S., RoyChoudhury, D.:Inapplicability of fault attacks against trivium on a cellular automata based stream cipher. In: ACRI LNCS, vol. 8751, pp , Springer (2014) Berzati, A., Canovas, C., Castagnos, G., Debraize, B., Goubin, L., Gouget, A., Paillier, P., Saldago, S.: Fault Analysis of Grain-128. In: HOST 09. pp (2009) Karmakar, S., RoyChowdhury, D.: Fault Analysis of Grain-128 by Targeting NFSR. In: AFRICACRYPT pp (2011) Jose, J., Roy Chowdhury, D.: Investigating Four Neighbourhood Cellular Automata as Better Cryptographic Primitives. J. Discrete Mathematical Sciences and Cryptography, to be published in 2016 Bhaumik, J., RoyChowdhury, D.:NMix: An Ideal Candidate for Key Mixing. In: SECRYPT pp (2009) The NIST Statistical Test Suite, accessed 30 August 2016, Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
36 Thank You Jimmy Jose, D Roy Chowdhury (IIT KGP) FResCA September 5, / 36
A New Distinguisher on Grain v1 for 106 rounds
A New Distinguisher on Grain v1 for 106 rounds Santanu Sarkar Department of Mathematics, Indian Institute of Technology, Sardar Patel Road, Chennai 600036, India. sarkar.santanu.bir@gmail.com Abstract.
More informationDifferential Fault Analysis of MICKEY Family of Stream Ciphers
1 Differential Fault Analysis of MICKEY Family of Stream Ciphers Sandip Karmakar, and Dipanwita Roy Chowdhury, Member, IEEE, Department of Computer Science and Engineering, Indian Institute of Technology,
More informationLinear Approximations for 2-round Trivium
Linear Approximations for 2-round Trivium Meltem Sönmez Turan 1, Orhun Kara 2 1 Institute of Applied Mathematics, Middle East Technical University Ankara, Turkey msonmez@metu.edu.tr 2 TUBITAK-UEKAE, Gebze,
More informationLeakage Squeezing using Cellular. SandipKarmakarand DipanwitaRoy Chowdhury, Indian Insituteof Technology, Kharagpur, WB, India
Leakage Squeezing using Cellular Automata SandipKarmakarand DipanwitaRoy Chowdhury, Indian Insituteof Technology, Kharagpur, WB, India Outline Introduction Background CA Leakage Squeezing Leakage Squeezing
More informationCHAPTER 3 CHAOTIC MAPS BASED PSEUDO RANDOM NUMBER GENERATORS
24 CHAPTER 3 CHAOTIC MAPS BASED PSEUDO RANDOM NUMBER GENERATORS 3.1 INTRODUCTION Pseudo Random Number Generators (PRNGs) are widely used in many applications, such as numerical analysis, probabilistic
More informationCryptanalysis of the Stream Cipher DECIM
Cryptanalysis of the Stream Cipher DECIM Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven, ESAT/SCD-COSIC Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium {wu.hongjun, bart.preneel}@esat.kuleuven.be
More informationTHEORETICAL SIMPLE POWER ANALYSIS OF THE GRAIN STREAM CIPHER. A. A. Zadeh and Howard M. Heys
THEORETICAL SIMPLE POWER ANALYSIS OF THE GRAIN STREAM CIPHER A. A. Zadeh and Howard M. Heys Electrical and Computer Engineering Faculty of Engineering and Applied Science Memorial University of Newfoundland
More informationImproved Cascaded Stream Ciphers Using Feedback
Improved Cascaded Stream Ciphers Using Feedback Lu Xiao 1, Stafford Tavares 1, Amr Youssef 2, and Guang Gong 3 1 Department of Electrical and Computer Engineering, Queen s University, {xiaolu, tavares}@ee.queensu.ca
More informationCryptanalysis of Achterbahn
Cryptanalysis of Achterbahn Thomas Johansson 1, Willi Meier 2, and Frédéric Muller 3 1 Department of Information Technology, Lund University P.O. Box 118, 221 00 Lund, Sweden thomas@it.lth.se 2 FH Aargau,
More informationSecurity Evaluation of Stream Cipher Enocoro-128v2
Security Evaluation of Stream Cipher Enocoro-128v2 Hell, Martin; Johansson, Thomas 2010 Link to publication Citation for published version (APA): Hell, M., & Johansson, T. (2010). Security Evaluation of
More informationCryptographically Robust Large Boolean Functions. Debdeep Mukhopadhyay CSE, IIT Kharagpur
Cryptographically Robust Large Boolean Functions Debdeep Mukhopadhyay CSE, IIT Kharagpur Outline of the Talk Importance of Boolean functions in Cryptography Important Cryptographic properties Proposed
More informationOn Stream Ciphers with Small State
ESC 2017, Canach, January 16. On Stream Ciphers with Small State Willi Meier joint work with Matthias Hamann, Matthias Krause (University of Mannheim) Bin Zhang (Chinese Academy of Sciences, Beijing) 1
More informationCryptanalysis of the Stream Cipher ABC v2
Cryptanalysis of the Stream Cipher ABC v2 Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven, ESAT/SCD-COSIC Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium {wu.hongjun,bart.preneel}@esat.kuleuven.be
More informationOn The Nonlinearity of Maximum-length NFSR Feedbacks
On The Nonlinearity of Maximum-length NFSR Feedbacks Meltem Sönmez Turan National Institute of Standards and Technology meltem.turan@nist.gov Abstract. Linear Feedback Shift Registers (LFSRs) are the main
More informationOn the Design of Trivium
On the Design of Trivium Yun Tian, Gongliang Chen, Jianhua Li School of Information Security Engineering, Shanghai Jiaotong University, China ruth tian@sjtu.edu.cn, chengl@sjtu.edu.cn, lijh888@sjtu.edu.cn
More informationStream Ciphers: Cryptanalytic Techniques
Stream Ciphers: Cryptanalytic Techniques Thomas Johansson Department of Electrical and Information Technology. Lund University, Sweden ECRYPT Summer school 2007 (Lund University) Stream Ciphers: Cryptanalytic
More informationOpen problems related to algebraic attacks on stream ciphers
Open problems related to algebraic attacks on stream ciphers Anne Canteaut INRIA - projet CODES B.P. 105 78153 Le Chesnay cedex - France e-mail: Anne.Canteaut@inria.fr Abstract The recently developed algebraic
More informationMaximum Correlation Analysis of Nonlinear S-boxes in Stream Ciphers
Maximum Correlation Analysis of Nonlinear S-boxes in Stream Ciphers Muxiang Zhang 1 and Agnes Chan 2 1 GTE Laboratories Inc., 40 Sylvan Road LA0MS59, Waltham, MA 02451 mzhang@gte.com 2 College of Computer
More informationACORN: A Lightweight Authenticated Cipher (v3)
ACORN: A Lightweight Authenticated Cipher (v3) Designer and Submitter: Hongjun Wu Division of Mathematical Sciences Nanyang Technological University wuhongjun@gmail.com 2016.09.15 Contents 1 Specification
More informationSTREAM CIPHER. Chapter - 3
STREAM CIPHER Chapter - 3 S t r e a m C i p h e r P a g e 38 S t r e a m C i p h e r P a g e 39 STREAM CIPHERS Stream cipher is a class of symmetric key algorithm that operates on individual bits or bytes.
More informationAlgebraic Immunity of S-boxes and Augmented Functions
Algebraic Immunity of S-boxes and Augmented Functions Simon Fischer and Willi Meier S. Fischer and W. Meier AI of Sbox and AF 1 / 23 Outline 1 Algebraic Properties of S-boxes 2 Augmented Functions 3 Application
More informationAnalysis of Modern Stream Ciphers
Analysis of Modern Stream Ciphers Josef Pieprzyk Centre for Advanced Computing Algorithms and Cryptography, Macquarie University, Australia CANS - Singapore - December 2007 estream Outline 1. estream Project
More informationImproved Fast Correlation Attacks Using Parity-Check Equations of Weight 4 and 5
Improved Fast Correlation Attacks Using Parity-Check Equations of Weight 4 and 5 Anne Canteaut 1 and Michaël Trabbia 1,2 1 INRIA projet CODES B.P. 105 78153 Le Chesnay Cedex - France Anne.Canteaut@inria.fr
More informationCryptanalysis of Grain
Cryptanalysis of Grain Côme Berbain 1, Henri Gilbert 1, and Alexander Maximov 2 1 France Telecom Research and Development 38-40 rue du Général Leclerc, 92794 Issy-les-Moulineaux, France 2 Dept. of Information
More informationChosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers
Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers Simon Fischer 1, Shahram Khazaei 2, and Willi Meier 1 1 FHNW and 2 EPFL (Switzerland) AfricaCrypt 2008, Casablanca - June 11-14
More informationKey Recovery with Probabilistic Neutral Bits
ESC 7.1. 11. 1. 2007 Key Recovery with Probabilistic Neutral Bits Simon Fischer 1, Shahram Khazaei 2 and Willi Meier 1 1 FHNW, Windisch, Switzerland 2 EPFL, Lausanne, Switzerland Outline Motivation Probabilistic
More informationMILP-based Cube Attack on the Reduced-Round WG-5 Lightweight Stream Cipher
MILP-based Cube Attack on the Reduced-Round WG-5 Lightweight Stream Cipher Raghvendra Rohit, Riham AlTawy, & Guang Gong Department of Electrical and Computer Engineering, University of Waterloo Waterloo,
More informationAN EFFICIENT PRNG FOR STREAM CIPHERS BASED ON HYBRID CELLULAR AUTOMATA WITH NONLINEAR FEEDBACK
THE PUBLISHING HOUSE PROCEEDINGS OF THE ROMANIAN ACADEMY, Series A, OF THE ROMANIAN ACADEMY Volume 16, Special Issue 2015, pp. 367-374 AN EFFICIENT PRNG FOR STREAM CIPHERS BASED ON HYBRID CELLULAR AUTOMATA
More informationCryptographic D-morphic Analysis and Fast Implementations of Composited De Bruijn Sequences
Cryptographic D-morphic Analysis and Fast Implementations of Composited De Bruijn Sequences Kalikinkar Mandal, and Guang Gong Department of Electrical and Computer Engineering University of Waterloo Waterloo,
More informationSearching Cubes for Testing Boolean Functions and Its Application to Trivium
Searching Cubes for Testing Boolean Functions and Its Application to Trivium Meicheng Liu, Dongdai Lin and Wenhao Wang State Key Laboratory of Information Security Institute of Information Engineering
More informationA Scalable Method for Constructing Galois NLFSRs with Period 2 n 1 using Cross-Join Pairs
A Scalable Method for Constructing Galois NLFSRs with Period 2 n 1 using Cross-Join Pairs Elena Dubrova Royal Institute of Technology (KTH), Forum 12, 164 4 Kista, Sweden {dubrova}@kth.se Abstract. This
More informationModified Alternating Step Generators
Modified Alternating Step Generators Robert Wicik, Tomasz Rachwalik Military Communication Institute Warszawska 22A, 05-130 Zegrze, Poland {r.wicik, t.rachwalik}@wil.waw.pl Abstract. Irregular clocking
More informationDynamic Cube Attack on 105 round Grain v1
Noname manuscript No. (will be inserted by the editor) Dynamic Cube Attack on 105 round Grain v1 Subhadeep Banik Received: date / Accepted: date Abstract As far as the Differential Cryptanalysis of reduced
More informationA GENERAL FRAMEWORK FOR GUESS-AND-DETERMINE AND TIME-MEMORY-DATA TRADE-OFF ATTACKS ON STREAM CIPHERS
A GENERAL FRAMEWORK FOR GUESS-AND-DETERMINE AND TIME-MEMORY-DATA TRADE-OFF ATTACKS ON STREAM CIPHERS Guanhan Chew, Khoongming Khoo DSO National Laboratories, 20 Science Park Drive, Singapore 118230 cguanhan,kkhoongm@dso.org.sg
More informationFast correlation attacks on certain stream ciphers
FSE 2011, February 14-16, Lyngby, Denmark Fast correlation attacks on certain stream ciphers Willi Meier FHNW Switzerland 1 Overview A decoding problem LFSR-based stream ciphers Correlation attacks Fast
More informationAnalysis of Some Quasigroup Transformations as Boolean Functions
M a t h e m a t i c a B a l k a n i c a New Series Vol. 26, 202, Fasc. 3 4 Analysis of Some Quasigroup Transformations as Boolean Functions Aleksandra Mileva Presented at MASSEE International Conference
More informationA Byte-Based Guess and Determine Attack on SOSEMANUK
A Byte-Based Guess and Determine Attack on SOSEMANUK Xiutao Feng, Jun Liu, Zhaocun Zhou, Chuankun Wu and Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy
More informationDifferential Fault Analysis of Trivium
Differential Fault Analysis of Trivium Michal Hojsík 1,2 and Bohuslav Rudolf 2,3 1 Department of Informatics, University of Bergen, N-5020 Bergen, Norway 2 Department of Algebra, Charles University in
More informationComputing the biases of parity-check relations
Computing the biases of parity-check relations Anne Canteaut INRIA project-team SECRET B.P. 05 7853 Le Chesnay Cedex, France Email: Anne.Canteaut@inria.fr María Naya-Plasencia INRIA project-team SECRET
More informationCharacterizations on Algebraic Immunity for Multi-Output Boolean Functions
Characterizations on Algebraic Immunity for Multi-Output Boolean Functions Xiao Zhong 1, and Mingsheng Wang 3 1. Institute of Software, Chinese Academy of Sciences, Beijing 100190, China. Graduate School
More informationImpact of Extending Side Channel Attack on Cipher Variants: A Case Study with the HC Series of Stream Ciphers
Impact of Extending Side Channel Attack on Cipher Variants: A Case Study with the HC Series of Stream Ciphers Goutam Paul and Shashwat Raizada Jadavpur University, Kolkata and Indian Statistical Institute,
More informationLinear Extension Cube Attack on Stream Ciphers ABSTRACT 1. INTRODUCTION
Malaysian Journal of Mathematical Sciences 9(S) June: 139-156 (015) Special ssue: The 4 th nternational Cryptology and nformation Security Conference 014 (Cryptology 014) MALAYSAN JOURNAL OF MATHEMATCAL
More informationIEOR SEMINAR SERIES Cryptanalysis: Fast Correlation Attacks on LFSR-based Stream Ciphers
IEOR SEMINAR SERIES Cryptanalysis: Fast Correlation Attacks on LFSR-based Stream Ciphers presented by Goutam Sen Research Scholar IITB Monash Research Academy. 1 Agenda: Introduction to Stream Ciphers
More informationStream ciphers I. Thomas Johansson. May 16, Dept. of EIT, Lund University, P.O. Box 118, Lund, Sweden
Dept. of EIT, Lund University, P.O. Box 118, 221 00 Lund, Sweden thomas@eit.lth.se May 16, 2011 Outline: Introduction to stream ciphers Distinguishers Basic constructions of distinguishers Various types
More informationNew Methods for Cryptanalysis of Stream Ciphers. The Selmer Centre Department of Informatics University of Bergen Norway
New Methods for Cryptanalysis of Stream Ciphers Håvard Molland The Selmer Centre Department of Informatics University of Bergen Norway 18th May 2005 Acknowledgments I would like to express my gratitude
More informationSequences, DFT and Resistance against Fast Algebraic Attacks
Sequences, DFT and Resistance against Fast Algebraic Attacks Guang Gong Department of Electrical and Computer Engineering University of Waterloo Waterloo, Ontario N2L 3G1, CANADA Email. ggong@calliope.uwaterloo.ca
More informationAlgebraic attack on stream ciphers Master s Thesis
Comenius University Faculty of Mathematics, Physics and Informatics Department of Computer Science Algebraic attack on stream ciphers Master s Thesis Martin Vörös Bratislava, 2007 Comenius University Faculty
More informationCorrelation Cube Attacks: From Weak-Key Distinguisher to Key Recovery
Correlation Cube Attacks: From Weak-Key Distinguisher to Key Recovery Meicheng Liu, Jingchun Yang, Wenhao Wang, and Dongdai Lin State Key Laboratory of Information Security, Institute of Information Engineering,
More informationDifferential Fault Analysis of Sosemanuk
Differential Fault Analysis of Sosemanuk Yaser Esmaeili Salehani, Aleksandar Kircanski, and Amr Youssef Concordia Institute for Information Systems Engineering, Concordia University Montreal, Quebec, H3G
More informationA new simple technique to attack filter generators and related ciphers
A new simple technique to attack filter generators and related ciphers Håkan Englund and Thomas Johansson Dept. of Information Techonolgy, Lund University, P.O. Box 118, 221 00 Lund, Sweden Abstract. This
More informationON DISTINGUISHING ATTACK AGAINST THE REDUCED VERSION OF THE CIPHER NLSV2
t m Mathematical Publications DOI: 10.2478/v10127-012-0037-5 Tatra Mt. Math. Publ. 53 (2012), 21 32 ON DISTINGUISHING ATTACK AGAINST THE REDUCED VERSION OF THE CIPHER NLSV2 Michal Braško Jaroslav Boor
More informationThe Filter-Combiner Model for Memoryless Synchronous Stream Ciphers
The Filter-Combiner Model for Memoryless Synchronous Stream Ciphers Palash Sarkar Cryptology Research Centre Applied Statistics Unit Indian Statistical Institute 203, B.T. Road, Kolkata 700035 India palash@isical.ac.in
More informationSignature Attractor Based Pseudorandom Generation Algorithm
Advanced Studies in Theoretical Physics Vol. 9, 2015, no. 6, 287-293 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/astp.2015.517 Signature Attractor Based Pseudorandom Generation Algorithm Krasimir
More informationNumerical Solvers in Cryptanalysis
Numerical Solvers in Cryptanalysis M. Lamberger, T. Nad, V. Rijmen Institute for Applied Information Processing and Communications (IAIK) Graz University of Technology Inffeldgasse 16a, A-8010 Graz, Austria
More informationTwo Generic Methods of Analyzing Stream Ciphers
Two Generic Methods of Analyzing Stream Ciphers Lin Jiao 1,2, Bin Zhang 1,3, and Mingsheng Wang 4 1 TCA, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China 2 University of Chinese
More informationFast Near Collision Attack on the Grain v1 Stream Cipher
Fast Near Collision Attack on the Grain v1 Stream Cipher Bin Zhang 1,,3,4, Chao Xu 1,, and Willi Meier 5 1 TCA Laboratory, SKLCS, Institute of Software, Chinese Academy of Sciences {zhangbin,xuchao}@tca.iscas.ac.cn
More informationDifferential Cryptanalysis of the Stream Ciphers Py, Py6 and Pypy
Differential Cryptanalysis of the Stream Ciphers Py, Py6 and Pypy Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven, ESAT/SCD-COSIC Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium wu.hongjun,bart.preneel@esat.kuleuven.be
More informationFiltering Nonlinear Feedback Shift Registers using Welch-Gong Transformations for Securing RFID Applications
Filtering Nonlinear Feedback Shift Registers using Welch-Gong Transformations for Securing RFID Applications Kalikinkar Mandal, and Guang Gong Department of Electrical and Computer Engineering University
More informationa fast correlation attack implementation
university of cape town a fast correlation attack implementation Honours Project 2011 Azhar Desai supervisors Dr Anne Kayem Dr Christine Swart Abstract Stream ciphers are used to encrypt data on devices
More informationCube Testers and Key-Recovery Attacks on Reduced-Round MD6 and Trivium
Cube Testers and Key-Recovery Attacks on Reduced-Round MD6 and Trivium Jean-Philippe Aumasson, Itai Dinur, Willi Meier, Adi Shamir 1 / 27 Cube attacks 2 / 27 Timeline Aug 08: Shamir presents cube attacks
More informationHard Fault Analysis of Trivium
1 Hard Fault Analysis of Trivium Yupu Hu, Fengrong Zhang, and Yiwei Zhang, arxiv:0907.2315v1 [cs.cr] 14 Jul 2009 Abstract Fault analysis is a powerful attack to stream ciphers. Up to now, the major idea
More informationNew Distinguishers for Reduced Round Trivium and Trivia-SC using Cube Testers (Extended Abstract)
New Distinguishers for Reduced Round Trivium and Trivia-SC using Cube Testers (Extended Abstract) Anubhab Baksi 1, Subhamoy Maitra 1, Santanu Sarkar 2 1 Indian Statistical Institute, 203 B. T. Road, Kolkata
More informationHow to strengthen pseudo-random generators by using compression
How to strengthen pseudo-random generators by using compression Aline Gouget,, Hervé Sibert France Telecom Research and Development, 4 rue des Coutures, BP643, F-466 Caen Cedex 4, France { aline.gouget,
More informationAlgebraic Attack Against Trivium
Algebraic Attack Against Trivium Ilaria Simonetti, Ludovic Perret and Jean Charles Faugère Abstract. Trivium is a synchronous stream cipher designed to provide a flexible trade-off between speed and gate
More informationNear Collision Attack on the Grain v1 Stream Cipher
Near Collision Attack on the Grain v1 Stream Cipher Bin Zhang, Zhenqi Li, Dengguo Feng and Dongdai Lin State Key Laboratory of Information Security, IIE, Chinese Academy of Sciences, Beijing, 100093, China.
More informationCryptanalysis of the Light-Weight Cipher A2U2 First Draft version
Cryptanalysis of the Light-Weight Cipher A2U2 First Draft version Mohamed Ahmed Abdelraheem, Julia Borghoff, Erik Zenner Technical University of Denmark, DK-2800 Kgs. Lyngby, Denmark {M.A.Abdelraheem,J.Borghoff,E.Zenner}@mat.dtu.dk
More informationOn the pseudo-random generator ISAAC
On the pseudo-random generator ISAAC Jean-Philippe Aumasson FHNW, 5210 Windisch, Switzerland Abstract. This paper presents some properties of he deterministic random bit generator ISAAC (FSE 96), contradicting
More informationThesis Research Notes
Thesis Research Notes Week 26-2012 Christopher Wood June 29, 2012 Abstract This week was devoted to reviewing some classical literature on the subject of Boolean functions and their application to cryptography.
More informationA survey of algebraic attacks against stream ciphers
A survey of algebraic attacks against stream ciphers Frederik Armknecht NEC Europe Ltd. Network Laboratories frederik.armknecht@netlab.nec.de Special semester on Gröbner bases and related methods, May
More informationLightweight Cryptography for RFID Systems
Lightweight Cryptography for RFID Systems Guang Gong Department of Electrical and Computer Engineering University of Waterloo CANADA G. Gong (University of Waterloo)
More informationA Byte-Based Guess and Determine Attack on SOSEMANUK
A Byte-Based Guess and Determine Attack on SOSEMANUK Xiutao Feng, Jun Liu, Zhaocun Zhou, Chuankun Wu, and Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy
More informationSelf-shrinking Bit Generation Algorithm Based on Feedback with Carry Shift Register
Advanced Studies in Theoretical Physics Vol. 8, 2014, no. 24, 1057-1061 HIKARI Ltd, www.m-hikari.com http://dx.doi.org/10.12988/astp.2014.49132 Self-shrinking Bit Generation Algorithm Based on Feedback
More informationFunctions on Finite Fields, Boolean Functions, and S-Boxes
Functions on Finite Fields, Boolean Functions, and S-Boxes Claude Shannon Institute www.shannoninstitute.ie and School of Mathematical Sciences University College Dublin Ireland 1 July, 2013 Boolean Function
More informationMILP-based Cube Attack on the Reduced-Round WG-5 Lightweight Stream Cipher
MILP-based Cube Attack on the Reduced-Round WG-5 Lightweight Stream Cipher Raghvendra Rohit, Riham AlTawy, and Guang Gong Department of Electrical and Computer Engineering, University of Waterloo, Waterloo,
More informationAttacks against Filter Generators Exploiting Monomial Mappings
Attacks against Filter Generators Exploiting Monomial Mappings Anne Canteaut and Yann Rotella Inria, Paris, France Anne.Canteaut@inria.fr, Yann.Rotella@inria.fr Abstract. Filter generators are vulnerable
More informationFault Analysis of the KATAN Family of Block Ciphers
Fault Analysis of the KATAN Family of Block Ciphers Shekh Faisal Abdul-Latip 1,2, Mohammad Reza Reyhanitabar 1, Willy Susilo 1, and Jennifer Seberry 1 1 Centre for Computer and Information Security Research,
More informationThe LILI-128 Keystream Generator
The LILI-128 Keystream Generator E. Dawson 1 A. Clark 1 J. Golić 2 W. Millan 1 L. Penna 1 L. Simpson 1 1 Information Security Research Centre, Queensland University of Technology GPO Box 2434, Brisbane
More informationAlgebraic Aspects of Symmetric-key Cryptography
Algebraic Aspects of Symmetric-key Cryptography Carlos Cid (carlos.cid@rhul.ac.uk) Information Security Group Royal Holloway, University of London 04.May.2007 ECRYPT Summer School 1 Algebraic Techniques
More informationAttacks Against Filter Generators Exploiting Monomial Mappings
Attacks Against Filter Generators Exploiting Monomial Mappings Anne Canteaut, Yann Rotella To cite this version: Anne Canteaut, Yann Rotella. Attacks Against Filter Generators Exploiting Monomial Mappings.
More informationSome thoughts on Trivium
Some thoughts on Trivium Steve Babbage Vodafone Group R&D, Newbury, UK steve.babbage@vodafone.com 19 th January 2007 Abstract: This paper pulls together some thoughts about how the Trivium stream cipher
More informationAnalysis of Message Injection in Stream Cipher-based Hash Functions
Analysis o Message Injection in Stream Cipher-based Hash Functions Yuto Nakano 1, Carlos Cid 2, Kazuhide Fukushima 1, and Shinsaku Kiyomoto 1 1 KDDI R&D Laboratories Inc. 2 Royal Holloway, University o
More informationAnalysis of cryptographic hash functions
Analysis of cryptographic hash functions Christina Boura SECRET Project-Team, INRIA Paris-Rocquencourt Gemalto, France Ph.D. Defense December 7, 2012 1 / 43 Symmetric key cryptography Alice and Bob share
More informationCube Attacks on Stream Ciphers Based on Division Property
Cube Attacks on Stream Ciphers Based on Division Property Chaoyun Li ESAT-COSIC, KU Leuven 12-10-2017, Crete Chaoyun Li (ESAT-COSIC, KU Leuven) Cube attacks 12-10-2017, Crete 1 / 23 Plan 1 Cube Attack:
More informationImproved Linear Cryptanalysis of SOSEMANUK
Improved Linear Cryptanalysis of SOSEMANUK Joo Yeon Cho and Miia Hermelin Helsinki University of Technology, Department of Information and Computer Science, P.O. Box 5400, FI-02015 TKK, Finland {joo.cho,miia.hermelin}@tkk.fi
More informationNonlinear Equivalence of Stream Ciphers
Sondre Rønjom 1 and Carlos Cid 2 1 Crypto Technology Group, Norwegian National Security Authority, Bærum, Norway 2 Information Security Group, Royal Holloway, University of London Egham, United Kingdom
More informationSmart Hill Climbing Finds Better Boolean Functions
Smart Hill Climbing Finds Better Boolean Functions William Millan, Andrew Clark and Ed Dawson Information Security Research Centre Queensland University of Technology GPO Box 2434, Brisbane, Queensland,
More informationFormal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers
Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers Sarani Bhattacharya and Debdeep Mukhopadhyay Indian Institute of Technology Kharagpur PROOFS 2016 August
More informationAn efficient parallel pseudorandom bit generator based on an asymmetric coupled chaotic map lattice
PRAMANA c Indian Academy of Sciences Vol. 85, No. 4 journal of October 215 physics pp. 617 627 An efficient parallel pseudorandom bit generator based on an asymmetric coupled chaotic map lattice RENFU
More informationCryptanalysis of the Knapsack Generator
Cryptanalysis of the Knapsack Generator Simon Knellwolf and Willi Meier FHNW, Switzerland Abstract. The knapsack generator was introduced in 1985 by Rueppel and Massey as a novel LFSR-based stream cipher
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Appendix A: Symmetric Techniques Block Ciphers A block cipher f of block-size
More informationCube Attacks on Non-Blackbox Polynomials Based on Division Property (Full Version)
Cube Attacks on Non-Blackbox Polynomials Based on Division Property (Full Version) Yosuke Todo 1, Takanori Isobe 2, Yonglin Hao 3, and Willi Meier 4 1 NTT Secure Platform Laboratories, Tokyo 180-8585,
More informationDesign of a New Stream Cipher: PALS
Design of a New Stream Cipher: PALS Mohammadreza Ashouri, University of Potsdam, Germany Ashouri@uni-potsdam.de Abstract In this paper, a new stream cipher is designed as a clock-controlled one, but with
More informationImprovements to Correlation Attacks Against Stream. Ciphers with Nonlinear Combiners. Brian Stottler Elizabethtown College
Improvements to Correlation Attacks Against Stream Ciphers with Nonlinear Combiners Brian Stottler Elizabethtown College Spring 2018 1 Background 1.1 Stream Ciphers Throughout the multi-thousand year history
More informationAlgebraic Attacks on Stream Ciphers with Linear Feedback
Algebraic Attacks on Stream Ciphers with Linear Feedback Extended Version of the Eurocrypt 2003 paper, August 24, 2003 Nicolas T. Courtois 1 and Willi Meier 2 1 Cryptography Research, Schlumberger Smart
More informationDeterministic Cube Attacks:
Deterministic Cube Attacks: A New Method to Recover Superpolies in Practice Chen-Dong Ye and Tian Tian National Digital Switching System Engineering & Technological Research Center, P.O. Box 407, 62 Kexue
More informationImage Encryption and Decryption Algorithm Using Two Dimensional Cellular Automata Rules In Cryptography
Image Encryption and Decryption Algorithm Using Two Dimensional Cellular Automata Rules In Cryptography P. Sanoop Kumar Department of CSE, Gayatri Vidya Parishad College of Engineering(A), Madhurawada-530048,Visakhapatnam,
More informationNew Implementations of the WG Stream Cipher
New Implementations of the WG Stream Cipher Hayssam El-Razouk, Arash Reyhani-Masoleh, and Guang Gong Abstract This paper presents two new hardware designs of the WG-28 cipher, one for the multiple output
More informationX-FCSR: a new software oriented stream cipher based upon FCSRs
X-FCSR: a new software oriented stream cipher based upon FCSRs François Arnault 1, Thierry P. Berger 1, Marine Minier 2, and Cédric Lauradoux 3 1 XLIM, Faculté des Sciences de Limoges 23 avenue Albert
More informationA TMDTO Attack Against Lizard
A TMDTO Attack Against Lizard Subhamoy Maitra 1, Nishant Sinha 2, Akhilesh Siddhanti 3, Ravi Anand 4, Sugata Gangopadhyay 2 1 Indian Statistical Institute, Kolkata, subho@isical.ac.in 2 Indian Institute
More informationCryptanalysis of Sosemanuk and SNOW 2.0 Using Linear Masks
Cryptanalysis of Sosemanuk and SNOW 2.0 Using Linear Masks Jung-Keun Lee, Dong Hoon Lee, and Sangwoo Park ETRI Network & Communication Security Division, 909 Jeonmin-dong, Yuseong-gu, Daejeon, Korea Abstract.
More information