A Framework for Chosen IV Statistical Analysis of Stream Ciphers

Authors: Håkan Englund, Thomas Johansson, Meltem Sönmez Turan
Saarinen recently proposed a chosen IV statistical attack, called the d-monomial test, and used it to find weaknesses in several proposed stream ciphers. In this paper we generalize this idea and propose a framework for chosen IV statistical attacks using a polynomial description. We propose a few new statistical attacks, apply them on some existing stream cipher proposals, and give some conclusions regarding the strength of their IV initialization. In particular, we experimentally detected…
Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers
Evidence is given that the present analysis is not applicable to Grain-128 or Trivium with full IV initialization, and it is experimentally demonstrated how to deduce a few key bits.
A New Chosen IV Statistical Attack on Grain-128a Cipher
  • V. Ghafari, Honggang Hu
  • Computer Science
  • 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC)
  • 2017
A new chosen IV statistical attack is proposed that enables us to distinguish between random sequences and keystreams of Grain-128a up to 169 initial rounds with 2^26 computational complexity, and can reveal weaknesses that are not possible to find by d-monomial tests.
High order differential attacks on stream ciphers
This work reviews the various techniques of differential cryptanalysis and translates them into the terminology of high order derivatives introduced by Lai, which naturally suggests generalizations and refinements such as conditional differential cryptanalysis.
A new chosen IV statistical distinguishing framework to attack symmetric ciphers, and its application to ACORN-v3 and Grain-128a
A new attack framework based upon cube testers and the d-monomial test that is applicable to all symmetric ciphers and hash functions and can reveal weaknesses that are not possible to find by other statistical tests is proposed.
A Distinguish attack on Rabbit Stream Cipher Based on Multiple Cube Tester
This paper shows that for a mature cube the authors could easily identify weak subcubes which increase the probability of distinguishing for an unknown secret key, and that with 2 complexity, using one iteration of the next-state function, the keystream is completely distinguishable from random.
Design and Implementation of a Statistical Testing Framework for a Lightweight Stream Cipher
UWS is used to illustrate the effect of the LFSR choice on possible distinguishing attacks on the SG, and to confirm that the proposed UWS scheme is a viable measure of the cryptographic strength of a stream cipher.
Improved Greedy Nonrandomness Detectors for Stream Ciphers
An improved algorithm is constructed to determine the subset of key and IV bits used in the maximum degree monomial test, which is generic and can be applied to any stream cipher.
New Distinguishers Based on Random Mappings against Stream Ciphers
A new framework of randomness testing based on random mappings is proposed, and three new distinguishers (coverage test, ρ-test and DP-coverage test) are presented and applied to the Phase III candidates of the eSTREAM project.
A Chosen IV Related Key Attack on Grain-128a
This paper presents a key recovery attack on Grain-128a in a chosen IV related key setting, and shows that using around γ·2^32 related keys (γ is an experimentally determined constant and it is sufficient to estimate it as 2^8) and γ·2^64 chosen IVs, it is possible to obtain 32·γ simple nonlinear equations and solve them to recover the secret key of Grain-128a.
NOCAS : A Nonlinear Cellular Automata Based Stream Cipher
The proposed cipher is shown to be resistant against known existing attacks, is designed to produce 2^128 random keystream bits, and its initialization phase is made 4 times faster than that of Grain-128.


Chosen-IV Statistical Attacks on eSTREAM Stream Ciphers
d-Monomial tests are statistical randomness tests based on the Algebraic Normal Form representation of a Boolean function, and were first introduced by Filiol in 2002. We show that there are strong…
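The polynomial view used by the framework in the abstract above and by the d-monomial test in this entry can be made concrete in a few lines: fix the key, treat one keystream bit as a Boolean function of the IV bits, recover its algebraic normal form (ANF) with a Möbius transform over all 2^n chosen IVs, and compare the number of degree-d monomials with what a random function would show. The same transform yields the maximum degree monomial test from the "Improved Greedy Nonrandomness Detectors" entry, since the top coefficient is just the XOR of the keystream bit over the whole IV cube. The block below is an added example, not code from the paper or from any cipher it analyses; the 14-bit NLFSR-style generator (`toy_keystream_bit`), its tap positions and the key/IV sizes are constructed for illustration, and the z-score is a normal approximation to the binomial count rather than the exact statistic of any cited test.

```python
"""Chosen-IV ANF tests (d-monomial and maximum-degree-monomial) on a toy cipher.
Added example: the cipher is constructed here and is not Grain, Trivium or any
other cipher discussed on the page."""
from math import comb, sqrt
import random

KEY_BITS = 8
IV_BITS = 6   # 2^6 = 64 chosen IVs per key, small enough to run instantly


def toy_keystream_bit(key, iv, rounds):
    """First keystream bit of a hypothetical NLFSR after `rounds` initialisation
    rounds.  State = key || iv (14 bits); taps are arbitrary choices."""
    s = list(key) + list(iv)
    n = len(s)
    for _ in range(rounds):
        fb = s[0] ^ s[3] ^ (s[5] & s[7]) ^ (s[2] & s[9] & s[11]) ^ s[n - 1]
        s = s[1:] + [fb]
    # nonlinear output filter
    return s[1] ^ s[4] ^ (s[6] & s[8]) ^ s[n - 2]


def truth_table(f, n):
    """Evaluate f on all 2^n inputs; bit j of the index is variable x_j."""
    return [f([(i >> j) & 1 for j in range(n)]) for i in range(1 << n)]


def mobius_transform(table):
    """Truth table <-> ANF over GF(2); the transform is its own inverse.
    anf[m] is the coefficient of the monomial prod_{j in bits(m)} x_j."""
    a = list(table)
    n = len(a).bit_length() - 1
    for j in range(n):
        bit = 1 << j
        for i in range(len(a)):
            if i & bit:
                a[i] ^= a[i ^ bit]
    return a


def monomial_counts(anf, n):
    """Number of monomials present in the ANF, indexed by degree 0..n."""
    counts = [0] * (n + 1)
    for m, c in enumerate(anf):
        if c:
            counts[bin(m).count("1")] += 1
    return counts


def d_monomial_test(anf, n, d):
    """d-monomial statistic: for a random Boolean function each of the C(n,d)
    degree-d monomials is present with probability 1/2, so the count is
    Binomial(C(n,d), 1/2).  Returns (observed, expected, z-score)."""
    observed = monomial_counts(anf, n)[d]
    trials = comb(n, d)
    expected = trials / 2
    z = (observed - expected) / sqrt(trials / 4)
    return observed, expected, z


def iv_anf(key, rounds):
    """ANF of the first keystream bit as a polynomial in the IV bits, key fixed."""
    tt = truth_table(lambda iv: toy_keystream_bit(key, iv, rounds), IV_BITS)
    return mobius_transform(tt)


def max_degree_monomial_fraction(keys, rounds):
    """Maximum degree monomial test: the coefficient of iv_0*...*iv_{n-1} equals
    the XOR of the keystream bit over the whole IV cube.  For an ideal cipher it
    is 1 for about half of the keys; a low-degree initialisation gives 0 always."""
    hits = 0
    for key in keys:
        tt = truth_table(lambda iv: toy_keystream_bit(key, iv, rounds), IV_BITS)
        cube_sum = sum(tt) & 1                     # XOR over all 2^n chosen IVs
        assert cube_sum == mobius_transform(tt)[-1]  # same thing via the ANF
        hits += cube_sum
    return hits / len(keys)


if __name__ == "__main__":
    rng = random.Random(1)
    keys = [[rng.randrange(2) for _ in range(KEY_BITS)] for _ in range(64)]
    for rounds in (0, 4, 8, 16, 32, 64):
        anf = iv_anf(keys[0], rounds)
        obs, exp, z = d_monomial_test(anf, IV_BITS, 2)
        frac = max_degree_monomial_fraction(keys, rounds)
        print(f"rounds={rounds:3d}  degree-2 monomials {obs}/{comb(IV_BITS, 2)} "
              f"(z={z:+.2f})  max-degree monomial present for {frac:.2f} of keys")
```

Run it as a script to see how the monomial counts and the max-degree fraction move from a clearly structured ANF at few rounds towards the random-function expectation as the number of initialisation rounds grows; in a real analysis the same loop runs against the target cipher with reduced initialisation and a subset of the IV bits chosen as the cube.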
Decim v2
In this paper, we present Decim, a hardware-oriented stream cipher selected for phase 3 of the ECRYPT stream cipher project eSTREAM. As required by the initial call for hardware-oriented stream…
A New Statistical Testing for Symmetric Ciphers and Hash Functions
A new statistical test for symmetric ciphers and hash functions which allows us to detect biases in a few of these systems is presented, showing that AES, DES, Snow, and Lili-128 fail the tests wholly or partly and thus present strong biases.
Resynchronization Weaknesses in Synchronous Stream Ciphers
A powerful general attack on nonlinearly filtered linear (over Z2) systems is presented, and this attack is further refined to efficiently cryptanalyze a linear system with a multiplexer as output function.
Extending the Resynchronization Attack
This paper extends the standard resynchronization attack with cryptanalytic techniques such as algebraic attacks and linear cryptanalysis, and shows that linear resync mechanisms should be avoided.
Weaknesses in the Key Scheduling Algorithm of RC4
It is shown that RC4 is completely insecure in a common mode of operation which is used in the widely deployed Wired Equivalent Privacy protocol (WEP, which is part of the 802.11 standard), in which a fixed secret key is concatenated with known IV modifiers in order to encrypt different messages.
A Stream Cipher Proposal: Grain-128
A new stream cipher, Grain-128, is proposed. The design is very small in hardware and it targets environments with very limited resources in gate count, power consumption, and chip area. Grain-128…
On the Resynchronization Attack
The resynchronization attack on stream ciphers with a linear next-state function and a nonlinear output function is further investigated, and an efficient branching algorithm for reconstructing this function along with the secret key is proposed and analyzed.
Trivium Specifications
This document specifies Trivium, a hardware-oriented synchronous stream cipher which aims to provide a flexible trade-off between speed and area. The description of the cipher is followed by some…
A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
This paper discusses some aspects of selecting and testing random and pseudorandom number generators. The outputs of such generators may be used in many cryptographic applications, such as…