Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Cryptanalysis of Stream Ciphers with Linear Masking
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of Sosemanuk and SNOW 2.0 Using Linear Masks
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A multidimensional linear distinguishing attack on the Shannon cipher
International Journal of Applied Cryptography
An Integrated ECC-MAC Based on RS Code
Transactions on Computational Science IV
A practical distinguisher for the Shannon cipher
Journal of Systems and Software
Strengthening NLS against crossword puzzle attack
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Multiple modular additions and crossword puzzle attack on NLSv2
ISC'07 Proceedings of the 10th international conference on Information Security
Hi-index | 0.00 |
NLS is one of the stream ciphers submitted to the eSTREAM project. We present a distinguishing attack on NLS by Crossword Puzzle (CP) attack method which is introduced in this paper. We build the distinguisher by using linear approximations of both the non-linear feedback shift register (NFSR) and the nonlinear filter function (NLF). Since the bias of the distinguisher depends on the Konst value, which is a key-dependent word, we present the graph showing how the bias of distinguisher vary with Konst. In result, we estimate the bias of the distinguisher to be around O(2-30). Therefore, we claim that NLS is distinguishable from truly random cipher after observing O(260) keystream words. The experiments also show that our distinguishing attack is successful on 90.3% of Konst among 232 possible values. We extend the CP attack to NLSv2 which is a tweaked version of NLS. In result, we build a distinguisher which has the bias of around 2-48. Even though this attack is below the eSTREAM criteria (2-40), the security margin of NLSv2 seems to be too low.