Cryptanalysis of Achterbahn-128/80 with a New Keystream Limitation

  • Authors:
  • María Naya-Plasencia

  • Affiliations:
  • Projet CODES, INRIA Paris-Rocquencourt, France

  • Venue:
  • Research in Cryptology
  • Year:
  • 2008

Quantified Score

Hi-index 0.00

Visualization

Abstract

This paper presents two key-recovery attacks against the modification of Achterbahn-128/80 proposed by the authors at SASC 2007 due to the previous attacks. The 80-bit variant, Achterbahn-80, was limited to produce at most 252 bits of keystream with the same pair of key and IV, while Achterbahn-128 was limited to 256 bits. The attack against Achterbahn-80 has complexity 264.85 and needs fewer than 252 bits of keystream, and the one against Achterbahn-128 has complexity 2104 and needs fewer than 256 keystream bits. These attacks are based on the previous ones. The attack against Achterbahn-80 uses a new idea which allows us to reduce the required keystream length.