The stream cipher Py, designed by Biham and Seberry, is a submission to the ECRYPT stream cipher competition. The cipher is based on two large arrays (one of 256 bytes and the other of 1040 bytes) and is designed for high-speed software applications (Py is more than 2.5 times faster than RC4 on a Pentium III). The paper shows a statistical bias in the distribution of its output words at the 1st and 3rd rounds. Exploiting this weakness, a distinguisher with advantage greater than 50% is constructed that requires 2^84.7 randomly chosen key/IVs and the first 24 output bytes for each key. The running time and the data required by the distinguisher are t·2^84.7 and 2^89.2 respectively (t denotes the running time of the key/IV setup). We further show that the data requirement can be reduced by a factor of about 3 with a distinguisher that considers outputs of later rounds. In that case the running time is reduced to t·2^84.7 (t denotes the time for a single round of Py). The Py specification allows a 256-bit key and a keystream of 2^64 bytes per key/IV. As an ideally secure stream cipher with the above specifications should be able to resist the attacks described before, our results constitute an academic break of Py. In addition, we have identified several biases among pairs of bits; it seems possible to combine all the biases to build more efficient distinguishers.