# Cryptanalysis of the Full Spritz Stream Cipher

@article{Banik2016CryptanalysisOT, title={Cryptanalysis of the Full Spritz Stream Cipher}, author={Subhadeep Banik and Takanori Isobe}, journal={IACR Cryptol. ePrint Arch.}, year={2016}, volume={2016}, pages={92} }

Spritz is a stream cipher proposed by Rivest and Schuldt at the rump session of CRYPTO 2014. It is intended to be a replacement of the popular RC4 stream cipher. In this paper we propose distinguishing attacks on the full Spritz, based on a short-term bias in the first two bytes of a keystream and a long-term bias in the first two bytes of every cycle of N keystream bytes, where N is the size of the internal permutation. Our attacks are able to distinguish a keystream of the full Spritz from a…

## 16 Citations

### Spritz - a spongy RC4-like stream cipher and hash function

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2016

This note reconsiders the design of the stream cipher RC4, and proposes an improved variant, which is called Spritz (since the output comes in ne drops rather than big blocks), which can be easily adapted for use as a cryptographic hash function, an encryption algorithm, or a message-authentication code generator.

### On data complexity of distinguishing attacks versus message recovery attacks on stream ciphers

- Computer Science, MathematicsDesigns, Codes and Cryptography
- 2017

We revisit the different approaches used in the literature to estimate the data complexity of distinguishing attacks on stream ciphers and analyze their inter-relationships. In the process, we…

### Some Proofs of Joint Distributions of Keystream Biases in RC4

- Computer ScienceINDOCRYPT
- 2016

This paper provides detailed proofs of most of the biases found in the keystream bytes of the RC4 stream cipher when used in the TLS protocol, and unearth new biases based on the joint distributions of three consecutive bytes.

### Enhancement of Advanced Encryption Standard (AES) Cryptographic Strength via Generation of Cipher Key-Dependent S-Box

- Computer Science, Mathematics
- 2018

A proposed method for constructing dynamic Cipher Key dependent S-box is introduced and implemented to encounter the possible attack on the fixed S -Box and passed the Avalanche, bit independence, non-linearity and balance test which proven its security.

### Improved Secure Stream Cipher for Cloud Computing

- Computer ScienceICTERI Workshops
- 2020

Improved stream cipher based on RC4-128 has been developed and contains additional byte transformations in the PRN formation algorithm, an additional PRN and a new incoming message encryption algorithm using the generated threads that provide the cryptographic security of the proposed stream cipher.

### Message Authentication (MAC) Algorithm For The VMPC-R (RC4-like) Stream Cipher

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2019

An algorithm to compute Message Authentication Codes (MACs) along with VMPC-R encryption along with a simple method of transforming the MAC computation algorithm into a hash function.

### Application of Spritz Encryption in Smart Meters to Protect Consumer Data

- Engineering, Computer ScienceJ. Comput. Networks Commun.
- 2019

Spritz is an RC4-like algorithm designed to repair weak design decisions in RC4 to improve security, fast enough not to affect the operations of a smart meter and able to withstand brute force attacks on small keys.

### Randomized Stopping Times and Provably Secure Pseudorandom Permutation Generators

- Mathematics, Computer ScienceMycrypt
- 2016

If the stopping time of a key-scheduling algorithm is a Strong Stationary Time and bits of the secret key are not reused then these algorithms are immune against timing attacks.

### State recovery of RC4 and Spritz Revisited

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2016

This work provides an improved complexity analysis of backtracking-based state recovery attacks on RC4 and Spritz and proposes a pre x check optimization for simple state recovery attack on Spritz, believing that the simple state Recovery attack with this optimization and so-called “change order” optimization inspired by Knudsen et al.

### Application of Spritz Encryption for Improving Cyber Security and Privacy for Electrical Smart Meters

- Computer Science
- 2019

It is suggested that within the first few chapters of this book, the author and the reader establish a relationship between the characters and the characters in the book.

## References

SHOWING 1-10 OF 26 REFERENCES

### Spritz - a spongy RC4-like stream cipher and hash function

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2016

This note reconsiders the design of the stream cipher RC4, and proposes an improved variant, which is called Spritz (since the output comes in ne drops rather than big blocks), which can be easily adapted for use as a cryptographic hash function, an encryption algorithm, or a message-authentication code generator.

### Full Plaintext Recovery Attack on Broadcast RC4

- Computer Science, MathematicsFSE
- 2013

Several new biases in the initial (1st to 257th) bytes of the RC4 keystream, which are substantially stronger than known biases are introduced, which enable a plaintext recovery attack using a strong bias set of initial bytes.

### New State Recovery Attack on RC4

- Computer Science, MathematicsCRYPTO
- 2008

A state recovery attack which accepts the keystream of a certain length, and recovers the internal state, and it is much smaller than the complexity of the best known previous attack 2779.

### State-Recovery Analysis of Spritz

- Computer ScienceLATINCRYPT
- 2015

The analysis supports the conjecture that compared to RC4, Spritz may also provide higher resistance against potentially devastating state-recovery attacks and introduces three different state recovery algorithms.

### Security Analysis of the RC4+ Stream Cipher

- Computer Science, MathematicsINDOCRYPT
- 2013

It is shown that that the RC4+ is vulnerable to differential fault attack and it is possible to recover the entire internal state of the cipher at the beginning of the PRGA by injecting around 217.2 faults.

### Some security results of the RC4+ stream cipher

- Mathematics, Computer ScienceSecur. Commun. Networks
- 2015

Surprisingly, it is found that if the value of the pad is made equal to 0x03, the design provides maximum resistance to distinguishing attacks, and the differential fault attack on RC4+ is improved, both in terms of number of faults required and the computational complexity.

### A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher

- Computer ScienceFSE
- 2004

A new pseudorandom bit generator, named RC4A, which is based on RC4’s exchange shuffle model is proposed, and it is shown that the new cipher offers increased resistance against most attacks that apply to RC4.

### Quad-RC4: Merging Four RC4 States towards a 32-bit Stream Cipher

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2013

This paper keeps the basic RC4 structure and combines 4 RC4 states tacitly to design a high throughput stream cipher called Quad-RC4 that produces 32- bit output at every round and is comparable with HC-128, the fastest software stream cipher amongst the eSTREAM nalists.

### A Distinguishing Attack on a Fast Software-Implemented RC4-Like Stream Cipher

- Computer Science, MathematicsIEEE Transactions on Information Theory
- 2007

A considerable bias is found in the output sequence of the RC4-like stream cipher and this bias is used along with the first two words of a keystream associated with approximately 230 secret keys to build a distinguisher.

### Towards a General RC4-Like Keystream Generator

- Computer ScienceCISC
- 2005

This paper proposes a new 32/64-bit RC4-like keystream generator that produces 32 or 64 bits in each iteration and can be implemented in software with reasonable memory requirements and can resist attacks that are successful on the original RC4.