Differential attacks against stream cipher ZUC

Authors:
Hongjun Wu;Tao Huang;Phuong Ha Nguyen;Huaxiong Wang;San Ling
Affiliations:
Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore;Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore;Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore;Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore;Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore
Venue:
ASIACRYPT'12 Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security
Year:
2012

Citing 11
Cited 1

Weaknesses in the Key Scheduling Algorithm of RC4

SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
Real Time Cryptanalysis of A5/1 on a PC

FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Differential Cryptanalysis of the Stream Ciphers Py, Py6 and Pypy

EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
The Stream Cipher HC-128

New Stream Cipher Designs
The Rabbit Stream Cipher

New Stream Cipher Designs
The Salsa20 Family of Stream Ciphers

New Stream Cipher Designs
Sosemanuk, a Fast Software-Oriented Stream Cipher

New Stream Cipher Designs
The Grain Family of Stream Ciphers

New Stream Cipher Designs
The MICKEY Stream Ciphers

New Stream Cipher Designs
Trivium

New Stream Cipher Designs
Cryptanalysis of alleged A5 stream cipher

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques

SAT based analysis of LTE stream cipher ZUC

Proceedings of the 6th International Conference on Security of Information and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Stream cipher ZUC is the core component in the 3GPP confidentiality and integrity algorithms 128-EEA3 and 128-EIA3. In this paper, we present the details of our differential attacks against ZUC 1.4. The vulnerability in ZUC 1.4 is due to the non-injective property in the initialization, which results in the difference in the initialization vector being cancelled. In the first attack, difference is injected into the first byte of the initialization vector, and one out of 215.4 random keys result in two identical keystreams after testing 213.3 IV pairs for each key. The identical keystreams pose a serious threat to the use of ZUC 1.4 in applications since it is similar to reusing a key in one-time pad. Once identical keystreams are detected, the key can be recovered with average complexity 299.4. In the second attack, difference is injected into the second byte of the initialization vector, and every key can result in two identical keystreams with about 254 IVs. Once identical keystreams are detected, the key can be recovered with complexity 267. We have presented a method to fix the flaw by updating the LFSR in an injective way in the initialization. Our suggested method is used in the later versions of ZUC. The latest ZUC 1.6 is secure against our attacks.