# A Framework for Chosen IV Statistical Analysis of Stream Ciphers

@inproceedings{Englund2007AFF, title={A Framework for Chosen IV Statistical Analysis of Stream Ciphers}, author={H{\aa}kan Englund and Thomas Johansson and Meltem S{\"o}nmez Turan}, booktitle={INDOCRYPT}, year={2007} }

Saarinen recently proposed a chosen IV statistical attack, called the d-monomial test, and used it to find weaknesses in several proposed stream ciphers. In this paper we generalize this idea and propose a framework for chosen IV statistical attacks using a polynomial description. We propose a few new statistical attacks, apply them on some existing stream cipher proposals, and give some conclusions regarding the strength of their IV initialization. In particular, we experimentally detected…

#### 107 Citations

Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers

- Computer Science
- AFRICACRYPT
- 2008

Evidence is given that the present analysis is not applicable on Grain-128 or Trivium with full IV initialization, and it is experimentally demonstrated how to deduce a few key bits.

A New Chosen IV Statistical Attack on Grain-128a Cipher

- Computer Science
- 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC)
- 2017

A new chosen IV statistical attack is proposed that enables us to distinguish between random sequences and keystreams of Grain-128a up to 169 initial rounds with 2^26 computational complexity and can reveal weaknesses that are not possible to find by d-monomial tests.

High order differential attacks on stream ciphers

- Mathematics, Computer Science
- Cryptography and Communications
- 2012

This work reviews the various techniques of differential cryptanalysis and translates them into the terminology of high order derivatives introduced by Lai, which naturally suggests generalizations and refinements such as conditional differential cryptanalysis.

A new chosen IV statistical distinguishing framework to attack symmetric ciphers, and its application to ACORN-v3 and Grain-128a

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2017

A new attack framework based upon cube testers and the d-monomial test that is applicable to all symmetric ciphers and hash functions and can reveal weaknesses that are not possible to find by other statistical tests is proposed.

A Distinguish attack on Rabbit Stream Cipher Based on Multiple Cube Tester

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2013

This paper shows that for a mature cube the authors could easily identify weak subcubes which increase the probability of distinguishing for an unknown secret key, and that with 2 complexity, using one iteration of the next-state function, the keystream is completely distinguishable from random.

Design and Implementation of a Statistical Testing Framework for a Lightweight Stream Cipher

- Computer Science
- 2020

UWS is used to illustrate the effect of the LFSR choice on possible distinguishing attacks on the SG and to confirm that the proposed UWS scheme is a viable measure of the cryptographic strength of a stream cipher.

Improved Greedy Nonrandomness Detectors for Stream Ciphers

- Computer Science
- ICISSP
- 2017

An improved algorithm is constructed to determine the subset of key and IV bits used in the maximum degree monomial test; the algorithm is generic and can be applied to any stream cipher.

New Distinguishers Based on Random Mappings against Stream Ciphers

- Mathematics, Computer Science
- SETA
- 2008

A new framework of randomness testing based on random mappings is proposed, and three new distinguishers, the coverage test, the ρ-test and the DP-coverage test, are presented and applied to the Phase III candidates of the eSTREAM project.

A Chosen IV Related Key Attack on Grain-128a

- Computer Science
- ACISP
- 2013

This paper presents a key recovery attack on Grain-128a in a chosen IV related key setting, and shows that using around γ·2^32 related keys (γ is an experimentally determined constant and it is sufficient to estimate it as 2^8) and γ·2^64 chosen IVs, it is possible to obtain 32·γ simple nonlinear equations and solve them to recover the secret key of Grain-128a.

NOCAS : A Nonlinear Cellular Automata Based Stream Cipher

- Mathematics, Computer Science
- Automata
- 2011

The proposed cipher is shown to be resistant against known existing attacks and is designed to produce $2^{128}$ random keystream bits, and its initialization phase is made 4 times faster than that of Grain-128.

#### References

Chosen-IV Statistical Attacks on eSTREAM Stream Ciphers

- 2006

d-Monomial tests are statistical randomness tests based on the Algebraic Normal Form representation of a Boolean function, and were first introduced by Filiol in 2002. We show that there are strong…

Decim v2

- 2007

In this paper, we present Decim, a hardware-oriented stream cipher selected for phase 3 of the ECRYPT stream cipher project eSTREAM. As required by the initial call for hardware-oriented stream…

A New Statistical Testing for Symmetric Ciphers and Hash Functions

- Computer Science
- ICICS
- 2002

A new statistical testing of symmetric ciphers and hash functions which allows us to detect biases in a few of these systems is presented, showing that AES, DES, Snow, and Lili-128 fail the tests wholly or partly and thus present strong biases.

Resynchronization Weaknesses in Synchronous Stream Ciphers

- Computer Science
- EUROCRYPT
- 1993

A powerful general attack on nonlinearly filtered linear (over Z_2) systems is presented, and this attack is further refined to efficiently cryptanalyze a linear system with a multiplexer as output function.

Extending the Resynchronization Attack

- Computer Science
- Selected Areas in Cryptography
- 2004

This paper extends attacks on ciphers using the standard attack with cryptanalytic techniques such as algebraic attacks and linear cryptanalysis, and shows that using linear resync mechanisms should be avoided.

Weaknesses in the Key Scheduling Algorithm of RC4

- Computer Science
- Selected Areas in Cryptography
- 2001

It is shown that RC4 is completely insecure in a common mode of operation which is used in the widely deployed Wired Equivalent Privacy protocol (WEP, which is part of the 802.11 standard), in which a fixed secret key is concatenated with known IV modifiers in order to encrypt different messages.

A Stream Cipher Proposal: Grain-128

- Computer Science
- 2006 IEEE International Symposium on Information Theory
- 2006

A new stream cipher, Grain-128, is proposed. The design is very small in hardware and it targets environments with very limited resources in gate count, power consumption, and chip area. Grain-128…

On the Resynchronization Attack

- Mathematics, Computer Science
- FSE
- 2003

The resynchronization attack on stream ciphers with a linear next-state function and a nonlinear output function is further investigated, and an efficient branching algorithm for reconstructing this function along with the secret key is proposed and analyzed.

Trivium Specifications

This document specifies Trivium, a hardware-oriented synchronous stream cipher which aims to provide a flexible trade-off between speed and area. The description of the cipher is followed by some…

A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications

- Mathematics
- 2000

This paper discusses some aspects of selecting and testing random and pseudorandom number generators. The outputs of such generators may be used in many cryptographic applications, such as…