What every computer scientist should know about floating-point arithmetic
ACM Computing Surveys (CSUR)
Cryptanalysis of Stream Cipher COS(2, 128) Mode I
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
A Practical Attack on Broadcast RC4
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
A New Ultrafast Stream Cipher Design: COS Ciphers
Proceedings of the 8th IMA International Conference on Cryptography and Coding
Hi-index | 0.00 |
The COSvd (2,128) cipher was proposed at the ECRYPT SASC'2004 workshop by Filiol et. al to strengthen the past COS (2,128) stream cipher. It uses clock-controlled non-linear feedback registers filtered by a highly non-linear output function and was claimed to prevent any existing attacks. However, as we will show in this paper, there are some serious security weaknesses in COSvd (2,128). The poorly designed S-box generates biased keystream and the message could be restored by a ciphertext-only attack in some broadcast applications . Besides, we launch a divide-and-conquer attack to recover the secret keys from O(226)-byte known plaintext with high success rate and complexity O(2113), which is much lower than 2512, the complexity of exhaustive search.