Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Cryptanalysis of Stream Ciphers with Linear Masking
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Grain: a stream cipher for constrained environments
International Journal of Wireless and Mobile Computing
Breaking the F-FCSR-H Stream Cipher in Real Time
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
BEAN: a lightweight stream cipher
Proceedings of the 2nd international conference on Security of information and networks
On the (im)possibility of practical and secure nonlinear filters and combiners
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
IEEE Transactions on Information Theory
| Hi-index | 0.00 |
BEAN is a recent stream cipher proposal that uses Feedback with Carry Shift Registers (FCSRs) and an output function. There is a sound motivation behind the use of FCSRs in BEAN as they provide several cryptographically interesting properties. In this paper, we show that the output function is not optimal. We give an efficient distinguisher and a key recovery attack that is slightly better than brute force, requiring no significant memory. We then show how this attack can be made better with access to more keystream. Already with access to 6 KiB, the 80-bit key is recovered in time 273.