Stream Cipher Operation Modes with Improved Security against Generic Collision Attacks

نویسندگان

  • Matthias Hamann
  • Matthias Krause
چکیده

Most stream ciphers used in practice are vulnerable against generic collision attacks, which allow to compute the secret initial state on the basis of O(2) keystream bits in time and space O(2), where n denotes the inner state length of the underlying keystream generator. This implies the well-known rule that for reaching n-bit security, the inner state length should be at least 2n. Corresponding to this, the inner state length of recent proposals for practically used stream ciphers is quite large (e.g., n = 288 for Trivium and n = 160 for Grain v1). In this paper, we suggest a simple stream cipher operation mode, respectively a simple way how to modify existing operation modes like that in the Bluetooth system, which provides provable security near 2 against generic collision attacks. Our suggestion refers to stream ciphers (like E0 in Bluetooth) which generate keystreams that are partitioned into packets and where the initial states for each packet are computed from a packet-IV and the secret session key using a resynchronization algorithm. Our security analysis is based on modeling the resynchronization algorithm in terms of the FP (1)-construction E(x, k) = F (P (x ⊕ k) ⊕ k), where k denotes an n-bit secret key (corresponding to the symmetric session key), F denotes a publicly known n-bit function (corresponding to the output function of the underlying keystream generator), P denotes a publicly known n-bit permutation (corresponding to the iterated state update function of the generator), and the input x is a public initial value. Our security bounds follow from the results presented in [12], where a tight 2 3 n security bound for the FP (1)-construction in the random oracle model was proved.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Analyzing Constructions for key-alternating Pseudorandom Functions with Applications to Stream Cipher Operation Modes

In the last years, much research work has been invested into the security analysis of key alternating ciphers in the random oracle model. These are pseudorandom permutations (PRPs), sometimes also called iterated Even-Mansour ciphers, which are defined by alternatingly adding n-bit sub-keys ki and calling public n-bit permutations Pi. Besides the fact, that results of this kind concern the fund...

متن کامل

Scaling VEST in Hardware

VEST is an exceptionally efficient cipher family that belongs to the most advanced type of design that offers multi-functionality in one highly efficient module. VEST is readily scaled in hardware. The problem of efficient generation of a secure message digest for scaled ciphers is overcome when VEST is combined with XOR-MAC. XOR-MAC technologies are proven secure but suffer performance restric...

متن کامل

Impossible plaintext cryptanalysis and probable-plaintext collision attacks of 64-bit block cipher modes

The block cipher modes of operation that are widely used (CBC, CTR, CFB) are secure up to the birthday bound; that is, if w2 or fewer bits of data are encrypted with a w-bit block cipher. However, the detailed security properties close to this bound are not widely appreciated, despite the fact that 64-bit block ciphers are sometimes used in that domain. This work addresses the issue by analyzin...

متن کامل

Attacks on Additive Encryption of Redundant Plaintext and Implications on Internet Security

We present and analyze attacks on additive stream ciphers that rely on linear equations that hold with non-trivial probability in plaintexts that are encrypted using distinct keys. These attacks extend Biham’s key collision attack and Hellman’s time memory tradeoff attack, and can be applied to any additive stream cipher. We define linear redundancy to characterize the vulnerability of a plaint...

متن کامل

Comparative Analysis of AES and RC4 Algorithms for Better Utilization

-In the today world, security is required to transmit confidential information over the network. Security is also demanding in wide range of applications. Cryptographic algorithms play a vital role in providing the data security against malicious attacks. But on the other hand, they consume significant amount of computing resources like CPU time, memory, encryption time etc. Normally, symmetric...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IACR Cryptology ePrint Archive

دوره 2015  شماره 

صفحات  -

تاریخ انتشار 2015