Achterbahn-128/80: Design and Analysis
نویسندگان
چکیده
We determine the imbalances of the keystreams produced by Achterbahn-80 and Achterbahn-128 in two different ways. The number of cyclically inequivalent keystreams produced by the keystream generators of Achterbahn-80 and Achterbahn-128 is determined. An abstract model for the keystream generator of a primitive NLFSR combination generator is used to justify the correlation attack introduced in [6] and generalized in [8]. A common error in a guess and determine attack is discussed. The optimal decision rule for finding the correct initial state of the target shift register in the guess and determine attack is described in the coin tossing model. The reliability of results derived from the abstract keystream generator model and the coin tossing model is demonstrated by running an actual guess and determine attack on a cipher that could be called Baby-Achterbahn. Two attacks against Achterbahn-128/80 found by Naya-Plasencia [8] and Hell and Johansson [5] are shown to be equivalent.
منابع مشابه
Cryptanalysis of Achterbahn-128/80 with a New Keystream Limitation
This paper presents two key-recovery attacks against the last modi cation to Achterbahn-128/80 proposed by the authors at SASC 2007 due to the previous attacks. The 80-bit variant, Achterbahn-80, has been limited to produce at most 2 bits of keystream with the same pair of key and IV, while Achterbahn-128 is limited to 2. The attack against Achterbahn-80 has complexity 2 and needs fewer than 2 ...
متن کاملCryptanalyse de Achterbahn-128/80
This paper presents two attacks against Achterbahn-128/80, the last version of one of the stream cipher proposals in the eSTREAM project. The attack against the 80-bit variant, Achterbahn-80, has complexity 2^{56.32}. The attack against Achterbahn-128 requires 2^{75.4} operations and 2^{61} keystream bits. These attacks are based on an improvement of the attack due to Hell and Johansson against...
متن کاملCryptanalysis of Achterbahn-128/80
This paper presents two key-recovery attacks against Achterbahn-128/80, the last version of one of the stream cipher proposals in the eSTREAM project. The attack against the 80-bit variant, Achterbahn80, has complexity 2. The attack against Achterbahn-128 requires 2 operations and 2 keystream bits. These attacks are based on an improvement of the attack due to Hell and Johansson against Achterb...
متن کاملOn the Design and Analysis of Stream Ciphers
T thesis presents new cryptanalysis results for several different stream cipher constructions. In addition, it also presents two new stream ciphers, both based on the same design principle. The first attack is a general attack targeting a nonlinear combiner. A new class of weak feedback polynomials for linear feedback shift registers is identified. By taking samples corresponding to the linear ...
متن کاملCryptanalysis of Achterbahn-128/80
A key recovery attack on the stream cipher Achterbahn128/80, a cipher in the second phase of eSTREAM, is given. The key observation is a high dependency between some input bits to the Boolean combining function generating the keystream. It results in the first known attacks on both the 128-bit and the 80-bit variants of the cipher. The amount of keystream bits required in the attacks is less th...
متن کامل