Evaluation of SOSEMANUK With Regard to Guess-and-Determine Attacks


This paper describes the attack on SOSEMANUK, one of the stream ciphers proposed at eSTREAM (the ECRYPT Stream Cipher Project) in 2005. The cipher features the variable secret key length from 128-bit up to 256-bit and 128-bit initial vector. The basic operation of the cipher is performed in a unit of 32 bits i.e. " word " , and each word generates keystream. This paper shows the result of guess-and-determine attack made on SOSEMANUK. The attack method enables to determine all of 384-bit internal state just after the initialization, using only 2 4-word keystream. This attack needs about 2 224 computations. Thus, when secret key length is longer than 224-bit, it needs less computational effort than an exhaustive key search, to break SOSEMANUK. The results show that the cipher has still the 128-bit security as claimed by its designers.

4 Figures and Tables

Showing 1-5 of 5 references

Available at http://csrc.nist.gov/CryptoToolkit/aes/ 2. eSTREAM, the ECRYPT Stream Cipher Project

  • Aes, The Advanced Encryption, Nist Standard, Fips

the New European Schemes for Signatures, Integrity, and Encryption. Available at https

  • Nessie