A New Version of the Stream Cipher SNOW
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
Intrinsic Statistical Weakness of Keystream Generators
ASIACRYPT '94 Proceedings of the 4th International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
A Software-Optimised Encryption Algorithm
Fast Software Encryption, Cambridge Security Workshop
Fast Hashing and Stream Encryption with PANAMA
FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
Scream: A Software-Efficient Stream Cipher
FSE '02 Revised Papers from the 9th International Workshop on Fast Software Encryption
A New Keystream Generator MUGI
FSE '02 Revised Papers from the 9th International Workshop on Fast Software Encryption
Cryptanalysis of Stream Ciphers with Linear Masking
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
The Dragon Stream Cipher: Design, Analysis, and Implementation Issues
New Stream Cipher Designs
Multidimensional Linear Cryptanalysis of Reduced Round Serpent
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Linear Distinguishing Attack on Shannon
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
A multidimensional linear distinguishing attack on the Shannon cipher
International Journal of Applied Cryptography
Modified clock-controlled alternating step generators
Computer Communications
Multidimensional linear distinguishing attacks and Boolean functions
Cryptography and Communications
Integral and multidimensional linear distinguishers with correlation zero
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
Dragon is a word oriented stream cipher submitted to the ECRYPT project, it operates on key sizes of 128 and 256 bits. The original idea of the design is to use a nonlinear feedback shift register (NLFSR) and a linear part (counter), combined by a filter function to generate a new state of the NLFSR and produce the keystream. The internal state of the cipher is 1088 bits, i.e., any kinds of TMD attacks are not applicable. In this paper we present two statistical distinguishers that distinguish Dragon from a random source both requiring around O(2155) words of the keystream. In the first scenario the time complexity is around O(2155+32) with the memory complexity O(232), whereas the second scenario needs only O(2155) of time, but O(296) of memory. The attack is based on a statistical weakness introduced into the keystream by the filter function F. This is the first paper presenting an attack on Dragon, and it shows that the cipher does not provide full security when the key of size 256 bits is used.