Distinguishing attacks on t-functions

Authors:
Simon Künzli;Pascal Junod;Willi Meier
Affiliations:
FH Aargau, Windisch, Switzerland;(Kudelski Group), Nagravision SA, Cheseaux, Switzerland;FH Aargau, Windisch, Switzerland
Venue:
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Year:
2005

Citing 6
Cited 4

Linear cryptanalysis method for DES cipher

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
A Practical Attack on Broadcast RC4

FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
A New Class of Invertible Mappings

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
On the optimality of linear, differential, and sequential distinguishers

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
A new class of single cycle t-functions

FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Cryptanalysis of a particular case of klimov-shamir pseudo-random generator

SETA'04 Proceedings of the Third international conference on Sequences and Their Applications

Differential cryptanalysis of T-function based stream cipher TSC-4

ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Non-randomness in eSTREAM candidates salsa20 and TSC-4

INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Linear cryptanalysis of the TSC family of stream ciphers

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Cryptanalysis of t-function-based hash functions

ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology

Quantified Score

Hi-index	0.01

Visualization

Abstract

Klimov and Shamir proposed a new class of simple cryptographic primitives named T-functions. For two concrete proposals based on the squaring operation, a single word T-function and a previously unbroken multi-word T-function with a 256-bit state, we describe an efficient distinguishing attack having a 232 data complexity. Furthermore, Hong et al. recently proposed two fully specified stream ciphers, consisting of multi-word T-functions with 128-bit states and filtering functions. We describe distinguishing attacks having a 222 and a 234 data complexity, respectively. The attacks have been implemented.