On the sliding property of SNOW 3 G and SNOW 2.0

  title={On the sliding property of SNOW 3 G and SNOW 2.0},
  author={Aleksandar Kircanski and Amr M. Youssef},
  journal={IET Inf. Secur.},
SNOW 3G is a stream cipher chosen by the 3rd Generation Partnership Project (3GPP) as a crypto-primitive to substitute KASUMI in case its security is compromised. [] Key Result In addition to allowing related-key recovery attacks against SNOW 2.0 with 256-bit keys, the presented properties reveal non-random behaviour that yields related-key distinguishers and also questions the validity of the security proofs of protocols that are based on the assumption that SNOW 3G and SNOW 2.0 behave like perfect random…

Figures and Tables from this paper

Differential attacks on reduced-round SNOW 3G and SNOW 3G⊕
The authors’ attack results are superior to multiset collision attacks in terms of data complexity, and their attack method can recover full keys, while multisets collision attacks can only partially recover the internal states in 15-round SNOW 3 G ⊕.
Digital Implementation of an Improved LTE Stream Cipher Snow-3G Based on Hyperchaotic PRNG
Thorough analysis of statistical Randomness is carried out demonstrating the improved statistical randomness properties of the new scheme compared to the standard SNOW-3G, while preserving its resistance against cryptanalytic attacks.
Combined and Robust SNOW-ZUC Algorithm Based on Chaotic System
  • Mahdi Madani, C. Tanougast
  • Computer Science
    2018 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
  • 2018
The experimental results show that the proposed design allows to encrypt data in two operating modes (SNOW-3G and ZUC modes) using limited hardware resources and power consumption while ensuring more resistance against cryptanalysis attacks.
Bitstream Modification Attack on SNOW 3G
  • M. Moraitis, E. Dubrova
  • Computer Science
    2020 Design, Automation & Test in Europe Conference & Exhibition (DATE)
  • 2020
It is shown that SNOW 3G can be broken by a fault attack based on bitstream modification, which reduces the non-linear state updating function of SNOW3G to a linear one and makes it possible to recover the key from a known plaintext-ciphertext pair.
Cryptanalysis of MICKEY family of stream ciphers
This is the first paper presenting a weakness in MICKEY family of stream ciphers, and the results show that MICkey family of Stream Ciphers are extremely weak against related key attacks.
Cryptanalysis of the Loiss Stream Cipher
By exploiting some differential properties of the BOMM structure during the cipher initialization phase, this paper provides an attack of a practical complexity on Loiss in the related-key model and shows that Loiss is not resistant to slide attacks.
An Addendum to the ZUC-256 Stream Cipher
  • Lin Jiao
  • Computer Science
    IACR Cryptol. ePrint Arch.
  • 2021
A new initialization scheme of ZUC-256 that supports an IV of the exact 128 bits and avoids the division of the whole key/IV byte and provides a simple and natural-looking initialization scheme for Z UC-256.
Approved algorithmic security enhancement of stream cipher for advanced mobile communications
This paper proposes three different approaches to enhance the security level of SNOW and ZUC algorithms by selecting a strong S-box to cascade the best-existing two S-boxes for both algorithms.
Related Key Chosen IV Attack on Grain-128a Stream Cipher
  • L. Ding, Jie Guan
  • Computer Science, Mathematics
    IEEE Transactions on Information Forensics and Security
  • 2013
A related key chosen IV attack on Grain-128a is proposed, and the result shows that this attack is much better than an exhaustive key search in the related key setting.
Cryptanalysis of Symmetric Cryptographic Primitives
A new heuristic for finding compatible differential paths is developed and applied to the the Korean hash function standard HAS-160, which leads to a practical second order collision attack over all of theHas-160 function steps, which is the first practical-complexity distinguisher on this function.


Multiset Collision Attacks on Reduced-Round SNOW 3G and SNOW 3G (+)
This paper studies the resynchronization mechanism of SNOW 3G and of a similar cipher SNOW3G⊕ using multiset collision attacks and shows full key recovery chosen IV resynchronized attacks for up to 18 out of 33 initialization rounds.
A Practical-Time Attack on the A5/3 Cryptosystem Used in Third Generation GSM Telephony
This paper describes a new type of attack called a sandwich attack, and uses it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of 2, which indicates that the changes made by the GSM Association in moving from MISTY to KASumI resulted in a much weaker cryptosystem.
A Related-Key Rectangle Attack on the Full KASUMI
The results show that theoretically, KASUMI is not secure with respect to differential-based related-key attacks, and thus, the security of the entire encryption system of the 3GPP networks cannot be proven at this time.
Slid Pairs in Salsa20 and Trivium
This paper shows that initialization and key-stream generation of these ciphers is slidable, i.e. one can find distinct (Key, IV) pairs that produce identical (or closely related) key- streams in Salsa20 and Trivium.
Resynchronization Attacks on WG and LEX
The resynchronization attack on WG and LEX shows that block cipher related attacks are powerful in analyzing non-linear resynchronized mechanisms.
A New Version of the Stream Cipher SNOW
This paper proposes a new version of SNOW, called SNOW 2.0, which does not only appear to be more secure, but its implementation is also a bit faster in software.
New Security Proofs for the 3GPP Confidentiality and Integrity Algorithms
The results lead us to believe that the confidentiality and integrity mechanisms used in real 3GPP applications are secure, since no related-key attacks are known against the full eight rounds of KASUMI.
A New Keystream Generator MUGI
The analysis confirms that MUGI is a secure KSG, which is a variant of Panama proposed at FSE '98 and particularly suited for efficient hardware implementations, but the software performance is excellent as well.
The Design of Rijndael: AES - The Advanced Encryption Standard
The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail and the basics of differential and linear cryptanalysis are reworked.
Analysis of Grain's Initialization Algorithm
This paper points out the existence of a sliding property in the initialization algorithm of the Grain family, and shows that it can be used to reduce by half the cost of exhaustive key search (currently the most efficient attack on both Grain v1 and Grain-128).