A Practical Attack on Broadcast RC4
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
Cryptography: An Introduction
An improved correlation attack on A5/1
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
The conditional correlation attack: a practical attack on Bluetooth encryption
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Algebraic analysis of Trivium and Trivium/128
International Journal of Electronic Security and Digital Forensics
Slid Pairs in Salsa20 and Trivium
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Cube Attacks on Tweakable Black Box Polynomials
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Attacking Bivium using SAT solvers
SAT'08 Proceedings of the 11th international conference on Theory and applications of satisfiability testing
ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Hill climbing algorithms and Trivium
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Attacking Bivium and Trivium with the characteristic set method
AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
Conditional differential cryptanalysis of Trivium and KATAN
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Solving Trivium-based Boolean Equations Using the Method of Syllogisms
Fundamenta Informaticae - Cryptology in Progress: 10th Central European Conference on Cryptology, Będlewo Poland, 2010
TRIVIUM is a stream cipher designed in 2005 by C. De Cannière and B. Preneel for the European project eSTREAM. It has an internal state of 288 bits and a key of length 80 bits. Although the design has a simple and elegant structure, no attack on it has been found yet. In this paper a family of TRIVIUM-like designs is studied. We propose a set of techniques for the methodological cryptanalysis of these structures in general, including state-recovering and linear distinguishing attacks. In particular, we study the original TRIVIUM and present a state-recovering attack with time complexity around c·2^83.5, which is 2^30 times faster than the best previous result. Our attack clearly shows that TRIVIUM has a very thin safety margin and that in its current form it cannot be used with longer 128-bit keys. Finally, we identify interesting open problems and propose a new design, TRIVIUM/128, which resists all of the attacks proposed in this paper. It also accepts a 128-bit secret key due to the improved security level.