DocumentCode :
2374672
Title :
Guess and Determine Attack on Trivium Family
Author :
Rohani, Neda ; Noferesti, Zainab ; Mohajeri, Javad ; Aref, Mohammad Reza
Author_Institution :
Dept. of Electr. Eng., Sharif Univ. of Iran, Tehran, Iran
fYear :
2010
fDate :
11-13 Dec. 2010
Firstpage :
785
Lastpage :
790
Abstract :
Trivium is a hardware profile finalist of the eSTREAM project. It is a synchronous bit-oriented stream cipher. The cipher's internal state has 288 bits. Bivium is a simplified version of Trivium with a smaller internal state. Both algorithms provide the security level of 80 bits. In this paper we introduce a guess and determine attack on Trivium and Bivium. In our method, we first find the linear approximations for the updating functions. Then by using these approximations, we build a system of linear equations and internal state variables. In order to solve the system, some bits of the internal state should be guessed. Our attack on Trivium is not successful because of the large length of the internal state; therefore it is resistant to the method. Its complexity is of order $O(2^{90.67})$. But for recovering the state of Bivium, we need to guess only 27.55 bits and other bits will be determined. In order to complete the attack, $2^{43.99}$ bits of key stream are needed. The complexity of the attack on Bivium is $O(2^{27.55})$, which is an improvement to the previous guess and determine attack with a complexity of order $O(2^{52.3})$.
Keywords :
approximation theory; computational complexity; cryptography; computational complexity; eSTREAM project; hardware profile finalist; internal state variables; linear approximation; linear equations; synchronous bit-oriented stream cipher; trivium family; updating function; Bivium; Determine Attack; Guess; Linear Approximations; Stream Ciphers; Trivium;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Embedded and Ubiquitous Computing (EUC), 2010 IEEE/IFIP 8th International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4244-9719-5
Electronic_ISBN :
978-0-7695-4322-2
Type :
conf
DOI :
10.1109/EUC.2010.123
Filename :
5703610