Cryptanalysis of Stream Cipher DECIM

Stream cipher DECIM is a hardware oriented cipher with 80-bit key and 64-bit IV. In this paper, we point out two serious flaws in DECIM. One flaw is in the initialization of DECIM. It causes about half of the key bits being recovered bit-by-bit when one key is used with about 2 random IVs, and only the first two bytes of each keystream are needed in the attack. The amount of computations required in the attack is negligible. Another flaw is in the keystream generation algorithm of DECIM. It causes the keystream heavily biased. Any two adjacent keystream bits would be equal with probability about 1 2 + 2−9. A message could be recovered from the ciphertexts if that message is encrypted by DECIM for about 2 times. The DECIM with 80-bit key and 80-bit IV is also vulnerable to the attacks.