How to generate cryptographically strong sequences of pseudo-random bits
SIAM Journal on Computing
A hard-core predicate for all one-way functions
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
Differential cryptanalysis of the data encryption standard
Differential cryptanalysis of the data encryption standard
The Design of Rijndael
Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Improved Cryptanalysis of Rijndael
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Treatment of the initial value in Time-Memory-Data Tradeoff attacks on stream ciphers
Information Processing Letters
A New Attack on the LEX Stream Cipher
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Cryptanalysis of alleged A5 stream cipher
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
The design of a stream cipher LEX
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Automatic search of attacks on round-reduced AES and applications
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Improved time-memory trade-offs with multiple data
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
Hi-index | 0.00 |
Biryukov (The Design of a Stream Cipher LEX, Proceedings of Selected Areas in Cryptography, 2006 Springer, pp 67---75, 2007) presented a new methodology of stream cipher design called leak extraction. The stream cipher LEX, based on this methodology and on the AES block cipher, was selected to round 3 of the eSTREAM competition. The suggested methodology seemed promising, and LEX, due to its elegance, simplicity, and performance, was expected to be selected to the eSTREAM portfolio. In this article we present a key recovery attack on LEX. The attack requires about 240 bytes of key-stream produced by the same key (possibly under many different IVs), and retrieves the secret key in time of about 2100 AES encryptions. Following a preliminary version of our attack, LEX was discarded from the final portfolio of eSTREAM.