Cryptanalysis of the Full Spritz Stream Cipher

@article{Banik2016CryptanalysisOT,
  title={Cryptanalysis of the Full Spritz Stream Cipher},
  author={Subhadeep Banik and Takanori Isobe},
  journal={IACR Cryptol. ePrint Arch.},
  year={2016},
  volume={2016},
  pages={92}
}
Spritz is a stream cipher proposed by Rivest and Schuldt at the rump session of CRYPTO 2014. It is intended to be a replacement of the popular RC4 stream cipher. In this paper we propose distinguishing attacks on the full Spritz, based on a short-term bias in the first two bytes of a keystream and a long-term bias in the first two bytes of every cycle of N keystream bytes, where N is the size of the internal permutation. Our attacks are able to distinguish a keystream of the full Spritz from a… 
View via Publisher
eprint.iacr.org
15 Citations
Background Citations
4

15 Citations

Citation Type

Citation Type

Spritz - a spongy RC4-like stream cipher and hash function
TLDR
This note reconsiders the design of the stream cipher RC4, and proposes an improved variant, which is called Spritz (since the output comes in ne drops rather than big blocks), which can be easily adapted for use as a cryptographic hash function, an encryption algorithm, or a message-authentication code generator.
Hardware Accelerator for Stream Cipher Spritz
TLDR
The results show that the Spritz accelerator is significantly faster in encryption compared to the software implementation and fares weakly against hardware implementation of state-of-the-art hash functions and stream ciphers in terms of area-efficiency.
On data complexity of distinguishing attacks versus message recovery attacks on stream ciphers
  • G. Paul, S. Ray
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2015
We revisit the different approaches used in the literature to estimate the data complexity of distinguishing attacks on stream ciphers and analyze their inter-relationships. In the process, we
Some Proofs of Joint Distributions of Keystream Biases in RC4
TLDR
This paper provides detailed proofs of most of the biases found in the keystream bytes of the RC4 stream cipher when used in the TLS protocol, and unearth new biases based on the joint distributions of three consecutive bytes.
Enhancement of Advanced Encryption Standard (AES) Cryptographic Strength via Generation of Cipher Key-Dependent S-Box
TLDR
A proposed method for constructing dynamic Cipher Key dependent S-box is introduced and implemented to encounter the possible attack on the fixed S -Box and passed the Avalanche, bit independence, non-linearity and balance test which proven its security.
Improved Secure Stream Cipher for Cloud Computing
TLDR
Improved stream cipher based on RC4-128 has been developed and contains additional byte transformations in the PRN formation algorithm, an additional PRN and a new incoming message encryption algorithm using the generated threads that provide the cryptographic security of the proposed stream cipher.
Settling the mystery of Zr = r in RC4
TLDR
This paper revisits the work of Mantin on finding the probability distribution of the RC4 permutation after the completion of the KSA and studies the bias of Zr = r, which has played an important role in the plaintext recovery attack proposed by Isobe et al. in FSE 2013.
Message Authentication (MAC) Algorithm For The VMPC-R (RC4-like) Stream Cipher
TLDR
An algorithm to compute Message Authentication Codes (MACs) along with VMPC-R encryption along with a simple method of transforming the MAC computation algorithm into a hash function.
Hypered Cryptographic Algorithm for LTE Data Confidentiality
TLDR
Demonstrated that it does not add significant time to the encryption and decryption processes as the algorithm becomes more complex and it increases the avalanche effect providing more resistance to attacks and strength the randomization of the algorithm.
Application of Spritz Encryption in Smart Meters to Protect Consumer Data
TLDR
Spritz is an RC4-like algorithm designed to repair weak design decisions in RC4 to improve security, fast enough not to affect the operations of a smart meter and able to withstand brute force attacks on small keys.
...
1
2
...

References

SHOWING 1-10 OF 28 REFERENCES
Spritz - a spongy RC4-like stream cipher and hash function
TLDR
This note reconsiders the design of the stream cipher RC4, and proposes an improved variant, which is called Spritz (since the output comes in ne drops rather than big blocks), which can be easily adapted for use as a cryptographic hash function, an encryption algorithm, or a message-authentication code generator.
On the (In)security of Stream Ciphers Based on Arrays and Modular Addition
TLDR
It is argued, counter-intuitively, that the most useful characteristic of an array, namely, the association of array-elements with unique indices, may turn out to be the origins of distinguishing attacks if adequate caution is not maintained.
Full Plaintext Recovery Attack on Broadcast RC4
TLDR
Several new biases in the initial (1st to 257th) bytes of the RC4 keystream, which are substantially stronger than known biases are introduced, which enable a plaintext recovery attack using a strong bias set of initial bytes.
New State Recovery Attack on RC4
TLDR
A state recovery attack which accepts the keystream of a certain length, and recovers the internal state, and it is much smaller than the complexity of the best known previous attack 2779.
State-Recovery Analysis of Spritz
TLDR
The analysis supports the conjecture that compared to RC4, Spritz may also provide higher resistance against potentially devastating state-recovery attacks and introduces three different state recovery algorithms.
How to Recover Any Byte of Plaintext on RC4
TLDR
Two advanced plaintext recovery attacks that can recover any byte of a plaintext without relying on initial biases are proposed, i.e., the authors' attacks are feasible even if initial bytes of the keystream are disregarded.
Security Analysis of the RC4+ Stream Cipher
TLDR
It is shown that that the RC4+ is vulnerable to differential fault attack and it is possible to recover the entire internal state of the cipher at the beginning of the PRGA by injecting around 217.2 faults.
Some security results of the RC4+ stream cipher
TLDR
Surprisingly, it is found that if the value of the pad is made equal to 0x03, the design provides maximum resistance to distinguishing attacks, and the differential fault attack on RC4+ is improved, both in terms of number of faults required and the computational complexity.
A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher
TLDR
A new pseudorandom bit generator, named RC4A, which is based on RC4’s exchange shuffle model is proposed, and it is shown that the new cipher offers increased resistance against most attacks that apply to RC4.
Quad-RC4: Merging Four RC4 States towards a 32-bit Stream Cipher
TLDR
This paper keeps the basic RC4 structure and combines 4 RC4 states tacitly to design a high throughput stream cipher called Quad-RC4 that produces 32- bit output at every round and is comparable with HC-128, the fastest software stream cipher amongst the eSTREAM nalists.
...
1
2
3
...