Distinguishing Attacks on SOBER-t16 and t32
FSE '02 Revised Papers from the 9th International Workshop on Fast Software Encryption
Cryptanalysis of Stream Ciphers with Linear Masking
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A practical distinguisher for the Shannon cipher
Journal of Systems and Software
Improved linear cryptanalysis of SOSEMANUK
ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Determining quality of s-boxes using pseudo random sequences generated from stream ciphers
ICA3PP'12 Proceedings of the 12th international conference on Algorithms and Architectures for Parallel Processing - Volume Part II
| Hi-index | 0.00 |
We present a distinguishing attack against SOBER-128 with linear masking. We found a linear approximation which has a bias of 2−−8.8 for the non-linear filter. The attack applies the observation made by Ekdahl and Johansson that there is a sequence of clocks for which the linear combination of some states vanishes. This linear dependency allows that the linear masking method can be applied. We also show that the bias of the distinguisher can be improved (or estimated more precisely) by considering quadratic terms of the approximation. The probability bias of the quadratic approximation used in the distinguisher is estimated to be equal to O(2−−51.8), so that we claim that SOBER-128 is distinguishable from truly random cipher by observing O(2103.6) keystream words.