Abstract
In this paper, we introduce a new cryptanalysis method for stream ciphers based on T-functions and apply it to the TSC family, which was proposed by Hong et al. Our attacks are based on linear approximations of the algorithms (in particular of the T-function). Hence, the method is related to correlation attacks, a popular technique for breaking stream ciphers with a linear update, such as those built on LFSRs.
We show a key-recovery attack for the two algorithms proposed at FSE 2005: TSC-1 in 2^25.4 computation steps, and TSC-2 in 2^48.1 steps. The first attack has been implemented and takes about 4 minutes to recover the whole key on an average PC. Another algorithm in the family, called TSC-3, was proposed at the ECRYPT call for stream ciphers. Despite some differences from its predecessors, it can be broken by similar techniques. Our attack requires 2^42 known keystream bits to distinguish it from random, and about 2^66 steps of computation to recover the full secret key.
An extended version of this paper can be found on the ECRYPT website [23].
References
Armknecht, F., Krause, M.: Algebraic Attacks on Combiners with Memory. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 162–175. Springer, Heidelberg (2003)
Babbage, S.: Stream Ciphers: What Does the Industry Want? In: State of the Art of Stream Ciphers workshop, SASC 2004 (2004)
Biryukov, A., Shamir, A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000)
Courtois, N., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003)
Ding, C., Xiao, G., Shan, W.: The Stability Theory of Stream Ciphers. LNCS, vol. 561. Springer, Heidelberg (1991); see Section 3.3
ECRYPT Network of Excellence in Cryptology, http://www.ecrypt.eu.org/index.html
ECRYPT Stream Cipher Project. See, http://www.ecrypt.eu.org/stream/
Golić, J.: Linear Cryptanalysis of Stream Ciphers. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 154–169. Springer, Heidelberg (1995)
Golić, J.: Linear Statistical Weakness of Alleged RC4 Keystream Generator. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 226–238. Springer, Heidelberg (1997)
Hong, J., Lee, D., Yeom, Y., Han, D.: A New Class of Single Cycle T-functions. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 68–82. Springer, Heidelberg (2005)
Hong, J., Lee, D., Yeom, Y., Han, D., Chee, S.: T-function Based Stream Cipher TSC-3. ECRYPT Stream Cipher Project Report 2005/031 (2005), http://www.ecrypt.eu.org/stream
Klimov, A.: Applications of T-functions in Cryptography. PhD thesis, Weizmann Institute of Science (2004), http://www.wisdom.weizmann.ac.il/~ask/
Klimov, A., Shamir, A.: A New Class of Invertible Mappings. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 470–483. Springer, Heidelberg (2003)
Klimov, A., Shamir, A.: Cryptographic Applications of T-functions. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 248–261. Springer, Heidelberg (2004)
Klimov, A., Shamir, A.: New Cryptographic Primitives Based on Multiword T-Functions. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 1–15. Springer, Heidelberg (2004)
Klimov, A., Shamir, A.: The TFi Family of Stream Ciphers. In: Handout given at the SASC 2004 workshop (2004)
Klimov, A., Shamir, A.: New Applications of T-functions in Block Ciphers and Hash Functions. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 18–31. Springer, Heidelberg (2005)
Künzli, S., Junod, P., Meier, W.: Attacks Against TSC. In: Rump Session at Fast Software Encryption, FSE 2005 (2005)
Künzli, S., Junod, P., Meier, W.: Distinguishing Attacks on T-Functions. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 2–15. Springer, Heidelberg (2005) (to appear)
Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)
Meier, W., Staffelbach, O.: Fast Correlation Attacks on Certain Stream Ciphers. Journal of Cryptology, 159–176 (1989)
Mitra, J., Sarkar, P.: Time-Memory Trade-Off Attacks on Multiplications and T-functions. In: Lee, P. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 468–482. Springer, Heidelberg (2004)
Muller, F., Peyrin, T.: Linear Cryptanalysis of TSC Stream Ciphers - Applications to the ECRYPT proposal TSC-3. ECRYPT Stream Cipher Project Report 2005/042 (2005), http://www.ecrypt.eu.org/stream
Shamir, A.: Stream Ciphers: Dead or Alive? In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 78–78. Springer, Heidelberg (2004)
Siegenthaler, T.: Correlation-immunity of Nonlinear Combining Functions for Cryptographic Applications. IEEE Transactions on Information Theory 30, 776–780 (1984)
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Muller, F., Peyrin, T. (2005). Linear Cryptanalysis of the TSC Family of Stream Ciphers. In: Roy, B. (eds) Advances in Cryptology - ASIACRYPT 2005. ASIACRYPT 2005. Lecture Notes in Computer Science, vol 3788. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11593447_20
DOI: https://doi.org/10.1007/11593447_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30684-9
Online ISBN: 978-3-540-32267-2
eBook Packages: Computer Science (R0)