Abstract
Stream cipher ZUC is the core component in the 3GPP confidentiality and integrity algorithms 128-EEA3 and 128-EIA3. In this paper, we present the details of our differential attacks against ZUC 1.4. The vulnerability in ZUC 1.4 is due to the non-injective property of the initialization, which allows a difference in the initialization vector to be cancelled. In the first attack, a difference is injected into the first byte of the initialization vector, and one out of 2^15.4 random keys results in two identical keystreams after testing 2^13.3 IV pairs for each key. Identical keystreams pose a serious threat to the use of ZUC 1.4 in applications, since the situation is similar to reusing a key in a one-time pad. Once identical keystreams are detected, the key can be recovered with average complexity 2^99.4. In the second attack, a difference is injected into the second byte of the initialization vector, and every key can yield two identical keystreams with about 2^54 IVs. Once identical keystreams are detected, the key can be recovered with complexity 2^67. We present a method to fix the flaw by updating the LFSR in an injective way during the initialization. Our suggested method is used in the later versions of ZUC. The latest version, ZUC 1.6, is secure against our attacks.
This research is supported by the National Research Foundation Singapore under its Competitive Research Programme (CRP Award No. NRF-CRP2-2007-03) and Nanyang Technological University NAP startup grant (M4080529.110).
© 2012 International Association for Cryptologic Research
Cite this paper
Wu, H., Huang, T., Nguyen, P.H., Wang, H., Ling, S. (2012). Differential Attacks against Stream Cipher ZUC. In: Wang, X., Sako, K. (eds) Advances in Cryptology – ASIACRYPT 2012. ASIACRYPT 2012. Lecture Notes in Computer Science, vol 7658. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34961-4_17
DOI: https://doi.org/10.1007/978-3-642-34961-4_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34960-7
Online ISBN: 978-3-642-34961-4
eBook Packages: Computer Science (R0)