Cryptanalysis of Sfinks

  • Nicolas T. Courtois
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3935)


Sfinks is an LFSR-based stream cipher submitted to ECRYPT call for stream ciphers by Braeken, Lano, Preneel et al. The designers of Sfinks do not include any real protection against algebraic attacks other than the so called “Algebraic Immunity”, that relates to the complexity of a simple algebraic attack, and ignores more elaborate attacks. As a result, Sfinks is insecure.


algebraic cryptanalysis stream ciphers nonlinear filters Boolean functions solving systems of multivariate equations fast algebraic attacks on stream ciphers 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Armknecht, F., Krause, M.: Algebraic Atacks on Combiners with Memory. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 162–175. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Armknecht, F.: Improving Fast Algebraic Attacks. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 65–82. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Babbage, S.: Cryptanalysis of LILI-128. Nessie project internal report (January 22, 2001), available at:
  4. 4.
    Barkan, E., Biham, E., Keller, N.: Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 600–616. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Blake, I., Gao, X., Mullin, R., Vanstone, S., Yaghoobian, T.: Applications of Finite Fields. Kluwer Academic Publishers, Dordrecht (1992)zbMATHGoogle Scholar
  6. 6.
    Braeken, A., Lano, J., Mentens, N., Preneel, B., Verbauwhede, I.: Sfinks specification and source code, Available on ECRYPT Stream Cipher Project page (April 2005),
  7. 7.
    Carlet, C., Meier, W., Pasalic, E.: Algebraic Attacks and Decomposition of Boolean Functions. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 474–491. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Clark, A., Dawson, E., Fuller, J., Golic, J., Lee, H.-J., Millan, W., Moon, S.-J., Simpson, L.: The LILI-II Keystream Generator. In: ACISP 2002, the 7th Australasian Conference on Information Security and Privacy, July 3 - 5. Deakin University, Melbourne (presented, 2002)Google Scholar
  9. 9.
    Coppersmith, D., Winograd, S.: Matrix multiplication via arithmetic progressions. J. Symbolic Computation 9, 251–280 (1990)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Courtois, N.: The security of Hidden Field Equations (HFE). In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 266–281. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Courtois, N., Pieprzyk, J.: Cryptanalysis of Block Ciphers with Overdefined Systems of Equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002), A preprint with a different version of the attack is available at: CrossRefGoogle Scholar
  12. 12.
    Courtois, N.: Higher Order Correlation Attacks, XL algorithm and Cryptanalysis of Toyocrypt. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 182–199. Springer, Heidelberg (2003), A preprint with a different version of the attack is available at: CrossRefGoogle Scholar
  13. 13.
    Courtois, N., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, Springer, Heidelberg (2003), Google Scholar
  14. 14.
    Courtois, N.: Fast Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 177–194. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Courtois, N.: Algebraic Attacks on Combiners with Memory and Several Outputs. In: Park, C.-s., Chee, S. (eds.) ICISC 2004. LNCS, vol. 3506, Springer, Heidelberg (2005), Extended version available on: Google Scholar
  16. 16.
    Courtois, N.: The Inverse S-box, Non-linear Polynomial Relations and Cryptanalysis of Block Ciphers. In: Dobbertin, H., Rijmen, V., Sowa, A. (eds.) AES 2005. LNCS, vol. 3373, pp. 170–188. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. 17.
    Faugère, J.-C.: A new efficient algorithm for computing Gröbner bases without reduction to zero (F5). In: Workshop on Applications of Commutative Algebra, Catania, Italy, April 3-6, 2002. ACM Press, New York (2002)Google Scholar
  18. 18.
    Hawkes, P., Rose, G.: Rewriting Variables: the Complexity of Fast Algebraic Attacks on Stream Ciphers. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 390–406. Springer, Heidelberg (2004), Available from: CrossRefGoogle Scholar
  19. 19.
    Key, E.L.: An Analysis of the Structure and Complexity of Nonlinear Binary Sequence Generators. IEEE Transactions on Information Theory IT-22(6) (November 1976)Google Scholar
  20. 20.
    Massey, J.N., Serconek, S.: A Fourier Transform Approach to the Linear Complexity of Nonlinearly Filtered Sequences. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 332–340. Springer, Heidelberg (1994)Google Scholar
  21. 21.
    Meier, W., Staffelbach, O.: Fast correlation attacks on certain stream ciphers. Journal of Cryptology 1(3), 159–176 (1989)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Meier, W., Staffelbach, O.: Nonlinearity Criteria for Cryptographic Functions. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 549–562. Springer, Heidelberg (1990)Google Scholar
  23. 23.
    Patarin, J.: Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt 1988. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 248–261. Springer, Heidelberg (1995)Google Scholar
  24. 24.
    Biryukov, A., Shamir, A.: Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers. In: Asiacrypt 2000. LNCS, vol. 2248, pp. 1–13. Springer, Heidelberg (2000)Google Scholar
  25. 25.
    Shamir, A., Patarin, J., Courtois, N., Klimov, A.: Efficient Algorithms for solving Overdefined Systems of Multivariate Polynomial Equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  26. 26.
    Simpson, L., Dawson, E., Golic, J., Millan, W.: LILI Keystream Generator. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 248–261. Springer, Heidelberg (2001), CrossRefGoogle Scholar
  27. 27.
    Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): two new families of Asymmetric Algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996)Google Scholar
  28. 28.
    Shannon, C.E.: Communication theory of secrecy systems. Bell System Technical Journal 28 (1949) (see in patricular page 704)Google Scholar
  29. 29.
    Strassen, V.: Gaussian Elimination is Not Optimal. Numerische Mathematik 13, 354–356 (1969)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Nicolas T. Courtois
    • 1
  1. 1.Axalto Smart Cards Crypto ResearchLouveciennesFrance

Personalised recommendations