We present the concept of greedy distinguishers and show how some simple observations and the well known greedy heuristic can be combined into a very powerful strategy (the Greedy Bit Set Algorithm) for efficient and systematic construction of distinguishers and nonrandomness detectors. We show how this strategy can be applied to a large array of stream and block ciphers, and we show that our m...

This paper discusses the Cube attacks proposed in [1] applied to Trivium. Independent verification of the equations given in [1] were carried out. Experimentation showed that the precomputed equations were not general. They are correct when applied to the class of IVs for which they were computed where IV bits at locations other than those corresponding to the cube are fixed at 0. When these IV...

This paper presents an algebraic attack against Trivium that breaks 625 rounds using only 4096 bits of output in an overall time complexity of 2 Trivium computations. While other attacks can do better in terms of rounds (799), this is a practical attack with a very low data usage (down from 2 output bits) and low computation time (down from 2). From another angle, our attack can be seen as a pr...

The cube attack is a powerful cryptanalytic technique and is especially powerful against stream ciphers. Since we need to analyze the complicated structure of a stream cipher in the cube attack, the cube attack basically analyzes it by regarding it as a blackbox. Therefore, the cube attack is an experimental attack, and we cannot evaluate the security when the size of cube exceeds an experiment...

Basing on the original Cube attack, this paper proposes an improved method of Cube attack on stream ciphers, which makes improvement on the pre-processing phase of the original attack. The new method can induce maxterms of higher-order from those of lower-order by the trade-off between time and space, thus recovering more key bits and reducing the search complexity on higher-dimension. In this ...

The cube attack has been introduced by Itai Dinur and Adi Shamir [8] as a known plaintext attack on symmetric primitives. The attack has been applied to reduced variants of the stream ciphers Trivium [3, 8] and Grain-128 [2], reduced to three rounds variant of the block cipher Serpent [9] and reduced version of the hash function MD6 [3]. In the special case the attack has appeared in the M. Vie...

Differential Fault Attack (DFA) has received serious attention in cryptographic literature and very recently such attacks have been mounted against several popular stream ciphers for example Grain v1, MICKEY 2.0 and Trivium, that are parts of the eStream hardware profile. The basic idea of the fault attacks consider injection of faults and the most general set-up should consider faults at rando...

Chi-square tests are generally used for distinguishing purposes; however when they are combined to simultaneously test several independent variables, extra notation is required. In this study, the chi-square statistics in some previous works is revealed to be computed half of its real value. Therefore, the notion of Multi _ Chi-square tests is formulated to avoid possible future confusions. In ...