Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Mersenne twister: a 623-dimensionally equidistributed uniform pseudo-random number generator
ACM Transactions on Modeling and Computer Simulation (TOMACS) - Special issue on uniform random number generation
Cryptanalysis of Stream Ciphers with Linear Masking
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A multidimensional linear distinguishing attack on the Shannon cipher
International Journal of Applied Cryptography
Crossword puzzle attack on NLS
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
On the optimality of linear, differential, and sequential distinguishers
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Distinguishing attack on SOBER-128 with linear masking
ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
Fast correlation attacks: methods and countermeasures
FSE'11 Proceedings of the 18th international conference on Fast software encryption
| Hi-index | 0.00 |
In this paper, we present a practical linear distinguisher on the Shannon stream cipher. Shannon is a synchronous stream cipher that uses at most 256-bit secret key. In the specification for Shannon, designers state that the intention of the design is to make sure that there are no distinguishing attacks on Shannon requiring less than 2^8^0 keystream words and less than 2^1^2^8 computations. In this work we use the Crossword Puzzle attack technique to construct a distinguisher which requires a keystream of length about 2^3^1 words with workload about 2^3^1.