A Practical Attack on Broadcast RC4
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
Differential Cryptanalysis of the Stream Ciphers Py, Py6 and Pypy
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Distinguishing attacks on the stream cipher py
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
New weaknesses in the keystream generation algorithms of the stream ciphers TPy and Py
ISC'07 Proceedings of the 10th international conference on Information Security
New Attacks on the Stream Cipher TPy6 and Design of New Ciphers the TPy6-A and the TPy6-B
Research in Cryptology
Improved Distinguishing Attacks on HC-256
IWSEC '09 Proceedings of the 4th International Workshop on Security: Advances in Information and Computer Security
Related-key attacks on the Py-family of ciphers and an approach to repair the weaknesses
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
New weaknesses in the keystream generation algorithms of the stream ciphers TPy and Py
ISC'07 Proceedings of the 10th international conference on Information Security
The stream cipher core of the 3GPP encryption standard 128-EEA3: timing attacks and countermeasures
Inscrypt'11 Proceedings of the 7th international conference on Information Security and Cryptology
Hi-index | 0.00 |
The stream ciphers Py, Py6 designed by Biham and Seberry were promising candidates in the ECRYPT-eSTREAM project because of their impressive speed. Since their publication in April 2005, a number of cryptanalytic weaknesses of the ciphers have been discovered. As a result, a strengthened version Pypy was developed to repair these weaknesses; it was included in the category of 'Focus ciphers' of the Phase II of the eSTREAM competition. However, even the new cipher Pypy was not free from flaws, resulting in a second redesign. This led to the generation of three new ciphers TPypy, TPy and TPy6. The designers claimed that TPy would be secure with a key size up to 256 bytes, i.e., 2048 bits. In February 2007, Sekar et al. published an attack on TPy with 2281 data and comparable time. This paper shows how to build a distinguisher with 2275 key/IVs and one outputword per each key (i.e., the distinguisher can be constructed within the design specifications); it uses a different set of weak states of the TPy. Our results show that distinguishing attacks with complexity lower than the brute force exist if the key size of TPy is longer than 275 bits. Furthermore, we discover a large number of similar bias-producing states of TPy and provide a general framework to compute them. The attacks on TPy are also shown to be effective on Py.