The stream ciphers Salsa20 and Trivium are two of the finalists of the eSTREAM project which are in the final portfolio of new promising stream ciphers. In this paper we show that initialization and key-stream generation of these ciphers is slidable, i.e. one can find distinct (Key, IV) pairs that produce identical (or closely related) key-streams. There are 2 and more then 2 such pairs in Sals...

Bivium is a simplified version of Trivium, a hardware profile finalist of the eSTREAM project. Bivium has an internal state size of 177 bits and a key length of 80 bits. In this paper, a guess and determine attack on this cipher is introduced. In the proposed method, the best linear approximations for the updating functions are first defined. Then by using these calculated approximations, a sys...

Grain is a hardware-oriented stream cipher designed by Hell et al., which has been selected as one of three hardware portfolio ciphers by eSTREAM, the ECRYPT Stream Cipher Project. Time / memory / data tradeoffs are a class of generic attacks used to invert general one-way functions. We show that Grain has a low resistance to so-called BSWsampling, leading to generic tradeoffs that in the activ...

WG and LEX are two stream ciphers submitted to eStream – the ECRYPT stream cipher project. In this paper, we point out security flaws in the resynchronization of these two ciphers. The resynchronization of WG is vulnerable to a differential attack. For WG with 80-bit key and 80-bit IV, 48 bits of the secret key can be recovered with about 2 chosen IVs . For each chosen IV, only the first four k...

Moustique is one of the sixteen finalists in the eSTREAM stream cipher project. Unlike the other finalists it is a self-synchronising cipher and therefore offers very different functional properties, compared to the other candidates. We present simple related-key phenomena in Moustique that lead to the generation of strongly correlated keystreams and to powerful key-recovery attacks. Our best k...

In this paper, we prove the probability advantages of two linear expressions which are summarized from the ABC stream cipher submitted to ECRPYT Estream Project. Two linear expressions with probability advantages reflect the linear correlations among Modular Addition equations. Corresponding to each linear expression and its advantage, a large amount of weak keys are derived under which all the...

The Dragon stream cipher is one of the focus ciphers which have reached Phase 2 of the eSTREAM project. In this paper, we present a new method of building a linear distinguisher for Dragon. The distinguisher is constructed by exploiting the biases of two S-boxes and the modular addition which are basic components of the nonlinear function F . The bias of the distinguisher is estimated to be aro...

In 2005, Hell, Johansson and Meier submitted a stream cipher proposal named Grain v1 to the estream call for stream cipher proposals and it also became one estream finalists in the hardware category. The output function of Grain v1 connects its 160 bits internal state divided equally between an LFSR and an NFSR, using a non-linear filter function in a complex way. Over the last years many crypt...

Time-memory-data (TMD) trade-off attack is a wellstudied technique that has been applied on many stream and block ciphers. Current TMD attacks by Biryukov-Shamir (BSTMD), Hong-Sarkar (HS-TMD) and Dunkelman-Keller (DKTMD) has been applied to ciphers like Grain-v1 and AES-192/256 modes of operation to break them with online complexity faster than exhaustive search. However, there is still a limit...