Cryptanalysis of the F-FCSR stream cipher family

  • Authors: Éliane Jaulmes; Frédéric Muller
  • Affiliations: DCSSI Crypto Lab, Paris-07 SP (both authors)
  • Venue: SAC'05, Proceedings of the 12th International Conference on Selected Areas in Cryptography
  • Year: 2005

Abstract

This paper focuses on F-FCSR, a new family of stream ciphers proposed by Arnault and Berger at FSE 2005. It uses a non-linear primitive called the Feedback with Carry Shift Register (FCSR) as a building block, and its security relies on properties of the 2-adic numbers. The F-FCSR family contains several stream ciphers, each offering different features. First, we show a resynchronization attack that breaks the algorithms in the family that support initialization vectors. The attack requires at most 2^16 chosen IVs and a small amount of offline processing to recover the full secret key; we have implemented it successfully on a standard PC. Second, we show a time/memory/data trade-off attack that breaks several algorithms in the F-FCSR family even when initialization vectors are not supported. Its complexity ranges from 2^64 to 2^80 operations (depending on which algorithm in the family is considered), while the internal state is at least 196 bits; this attack is therefore better than generic attacks.