A Practical Attack on Broadcast RC4
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
Differential Cryptanalysis of the Stream Ciphers Py, Py6 and Pypy
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Related-key attacks on the Py-family of ciphers and an approach to repair the weaknesses
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
Distinguishing attack against TPypy
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
On the (in)security of stream ciphers based on arrays and modular addition
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Distinguishing attacks on the stream cipher py
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
New weaknesses in the keystream generation algorithms of the stream ciphers TPy and Py
ISC'07 Proceedings of the 10th international conference on Information Security
Hi-index | 0.00 |
The stream ciphers Py, Pypy and Py6 were designed by Biham and Seberry for the ECRYPT-eSTREAM project in 2005. The ciphers were promoted to the `Focus' ciphers of the Phase II of the eSTREAM project. However, due to some cryptanalytic results, strengthened versions of the ciphers, namely, the TPy, the TPypy and the TPy6 were built. In this paper, we find hitherto unknown weaknesses in the keystream generation algorithms of the Py6 and its stronger variant the TPy6. Exploiting these weaknesses, a large number of distinguishing attacks are mounted on the ciphers, the best of which works with 2224.6 data and comparable time. In the second part, we present two new ciphers derived from the TPy6, namely, the TPy6-A and the TPy6-B, whose performances are 2.65 cycles/byte and 4.4 cycles/byte on Pentium III. As a result, to the best of our knowledge, on Pentium platforms the TPy6-A becomes the fastest stream cipher in the literature. Based on our security analysis, we conjecture that no attacks lower than the brute force are possible on the ciphers TPy6-A and TPy6-B.