References of "Priemuth-Schmid, Deike 40000545"
Analysis of resynchronization mechanisms of stream ciphers
Priemuth-Schmid, Deike UL

Doctoral thesis (2011)

Stream ciphers are cryptographic primitives belonging to symmetric key cryptography to ensure data confidentiality of messages sent through an insecure communication channel. This thesis presents attacks on several stream ciphers, especially against their initialization methods. The first targets are the stream ciphers Salsa20 and Trivium. For both ciphers slid pairs are described. Salsa20 can be distinguished from a random function using only the slid pair relation. When a slid pair is given for Salsa20 both secret keys can be recovered immediately if the nonces and counters are known. Also an efficient search for a hidden slid pair in a large list of ciphertexts is shown. The efficiency of the birthday attack can be increased twice using slid pairs. For the cipher Trivium a large related-key class which produces identical keystreams up to a shift is presented. Then the resynchronization mechanism of the stream ciphers SNOW 3G and SNOW 2.0 is analyzed. Both ciphers are simplified by replacing all additions modulo 32 with XORs. A known IV key-recovery attack is presented for SNOW 3G and SNOW 2.0 where both ciphers have no feedback from the FSM. This attack works for any amount of initialization clocks. Then in both ciphers the feedback from the FSM is restored and the number of 33 initialization clocks is reduced. Chosen IV key-recovery attacks on SNOW 3G with 12 to 16 initialization clocks and SNOW 2.0 with 12 to 18 initialization clocks are shown. In a similar way versions of the stream cipher K2 are attacked. This cipher is simplified by replacing all additions modulo 32 with XORs as well. Chosen IV key-recovery attacks on versions with reduced initialization clocks from five to seven out of 24 are presented. For the version with seven initialization clocks also a chosen IV distinguishing attack is shown. The last part deals with a linear key-IV setup and known feedback polynomials of the shrinking generator. 
It is shown that this linear initialization results in a very weak cipher as only a few known IVs are required to recover the secret key. The original design of the shrinking generator does not include any initialization method so the initial state was assumed to be the secret key.

Peer Reviewed
Multiset Collision Attacks on Reduced-Round SNOW 3G and SNOW 3G (+)
Biryukov, Alex UL; Priemuth-Schmid, Deike UL; Zhang, Bin UL

in ACNS 2010 (2010)

The stream cipher SNOW 3G designed in 2006 by ETSI/SA-GE is a base algorithm for the second set of 3GPP confidentiality and integrity algorithms. In this paper we study the resynchronization mechanism of SNOW 3G and of a similar cipher SNOW 3G⊕ using multiset collision attacks. For SNOW 3G we show a simple 13-round multiset distinguisher with complexity of $2^{8}$ steps. We show full key recovery chosen IV resynchronization attacks for up to 18 out of 33 initialization rounds of SNOW 3G⊕ with a complexity of $2^{57}$ to generate the data and $2^{53}$ steps of analysis.

Peer Reviewed
Analysis of SNOW 3G XOR Resynchronization Mechanism
Biryukov, Alex UL; Priemuth-Schmid, Deike UL; Zhang, Bin UL

in SECRYPT 2010 (2010)

The stream cipher SNOW 3G designed in 2006 by ETSI/SA-GE is a base algorithm for the second set of 3GPP confidentiality and integrity algorithms. In this paper, we investigate the resynchronization security of a close variant of SNOW 3G, in which two modular additions are replaced by xors and which is called SNOW 3G$^{\oplus}$. It is shown that the feedback from the FSM to the LFSR is crucial for security. Given a pair of \textit{known} IVs, the cipher without such a feedback is extremely vulnerable to differential known IV attacks with practical complexities ($2^{57}$ time and $2^{33}$ keystream). With such a feedback, it is shown that $16$ out of $33$ initialization rounds can be broken by a differential \textit{chosen} IV attack. This is the first public evaluation result for this algorithm.

Peer Reviewed
Slid Pairs in Salsa20 and Trivium
Priemuth-Schmid, Deike UL; Biryukov, Alex UL

in INDOCRYPT (2008)
