Sosemanuk is a software-based stream cipher that has passed all three stages of the ECRYPT stream cipher project and is currently a member of the eSTREAM software portfolio. In recent work on the cryptanalysis of Sosemanuk, its relatively small inner state size of 384 bits was identified as one of the reasons the attacks were possible. In this paper, we show that another consequence of the small inner state size of Sosemanuk is the existence of several classes of (K,IV), (K′,IV′) pairs that yield correlated keystreams. In particular, we provide a distinguisher which requires less than 2 kilobytes of data and an inner state recovery algorithm that works for two sets of key-IV pairs of expected size ≈2^128 each. In addition, a distinguisher requiring 2^52 keystream words is provided for another set of pairs of Sosemanuk instances. The expected number of such key-IV pairs is 2^192. Although the security of Sosemanuk is not practically threatened, the features found add to the understanding of the security of the cipher and also provide the basis for an elegant attack in the fault analysis model.