
Linear Cryptanalysis of FASER128/256 and TriviA-ck

  • Conference paper
  • In: Progress in Cryptology -- INDOCRYPT 2014 (INDOCRYPT 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8885)


Abstract

In this paper, we evaluate the security of FASER and TriviA-ck, two authenticated encryption schemes submitted to the CAESAR competition, using linear cryptanalysis. The most serious weakness of FASER is that its linear FSRs and nonlinear FSRs do not interact with each other. Thus, by a linear approximation of the MAJ function, it is possible to derive linear approximations involving only the keystream words and the initial states of the linear FSRs. We found such equations with correlation coefficient \(2^{-1}\) for FASER128 and FASER256. They lead to recovery of the initial states of the linear FSRs with an off-line time complexity of \(2^{36}\) to compute a low-weight multiple polynomial and a negligible online time complexity, polynomial in the total length of the linear FSRs, given \(2^{36}\) keystream words. Moreover, we construct distinguishers involving two consecutive steps of keystream words with a correlation coefficient of \(2^{-2}\) for FASER128 and FASER256, so only \(16\) keystream words are needed to distinguish the keystream of FASER128 or FASER256 from a random sequence. These distinguishers do not rely on any weakness of the MIX operation, so the distinguishing attack still works even if the FASER designers modify the MIX function. Finally, we use the linear sequential circuit approximation (LSCA) method to analyze TriviA-ck, a stream cipher similar to Trivium, and derive a linear function of consecutive keystream bits with a correlation coefficient of \(2^{-76}\). This shows that TriviA-ck has much weaker immunity against linear cryptanalysis than Trivium.
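The abstract rests on three textbook quantities: the correlation of a linear approximation to the MAJ function, how correlations of independent approximations combine (the piling-up lemma), and the roughly \(1/c^{2}\) samples a distinguisher with correlation \(c\) needs. The following Python is an added illustration of those quantities, not code from the paper or from the FASER or TriviA-ck submissions. It assumes MAJ is the ordinary 3-input bitwise majority; the paper's actual approximation of FASER's MAJ component, and whether its \(2^{-2}\) two-step distinguisher is obtained exactly by piling up two \(2^{-1}\) approximations, are not stated in the abstract and are not claimed here.

```python
"""Linear approximation of a 3-input MAJ function and the cost of a
correlation-based distinguisher.  Added illustration; not code from the paper."""
from itertools import product
from math import ceil


def maj(x, y, z):
    """Bitwise majority: 1 iff at least two inputs are 1 (assumed MAJ definition)."""
    return (x & y) ^ (x & z) ^ (y & z)


def correlation(f, mask, n):
    """Correlation c = 2*Pr[f(x) = <mask, x>] - 1 over all 2^n inputs x.

    <mask, x> is the XOR of the input bits selected by mask, so c = +-1 means
    f equals (the complement of) that linear function and c = 0 means no bias.
    """
    agree = 0
    for bits in product((0, 1), repeat=n):
        linear_part = 0
        for m, b in zip(mask, bits):
            linear_part ^= m & b
        if f(*bits) == linear_part:
            agree += 1
    return 2 * agree / 2 ** n - 1


def maj_correlations():
    """Correlation of MAJ against every linear mask (its scaled Walsh spectrum)."""
    return {mask: correlation(maj, mask, 3) for mask in product((0, 1), repeat=3)}


def piling_up(correlations):
    """Piling-up lemma: independent approximations combine by multiplying correlations."""
    c = 1.0
    for ci in correlations:
        c *= ci
    return c


def samples_needed(c):
    """Rule-of-thumb sample count for a distinguisher with correlation c: about 1/c^2."""
    return ceil(1 / (c * c))


def empirical_correlation(residuals):
    """residuals[i] = f(x_i) XOR <mask, x_i>, i.e. 0 whenever the approximation held."""
    held = residuals.count(0)
    return 2 * held / len(residuals) - 1


if __name__ == "__main__":
    for mask, c in sorted(maj_correlations().items()):
        print(f"mask={mask}  correlation={c:+.3f}")
    print("two approximations of 2^-1 piled up:", piling_up([0.5, 0.5]))
    print("samples for c=2^-2:", samples_needed(2 ** -2))
    print("samples for c=2^-76 (log2):", samples_needed(2 ** -76).bit_length() - 1)
    # Constructed residual sample: the approximation held in 12 of 16 observations.
    print("empirical correlation:", empirical_correlation([0] * 12 + [1] * 4))
```

Running the table shows why MAJ is a natural target for linear approximation: each single input bit agrees with MAJ on 6 of 8 inputs (correlation \(2^{-1}\)), the all-ones mask has correlation \(-2^{-1}\), and every other mask has correlation 0. Two such approximations piled up give \(2^{-2}\), for which the \(1/c^{2}\) rule gives the 16 samples quoted in the abstract; the same rule applied to the TriviA-ck correlation \(2^{-76}\) gives about \(2^{152}\) keystream bits, which is why a correlation that small is reported as a measure of weakened immunity rather than as a practical attack.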

This work was supported by the National Grand Fundamental Research 973 Program of China (Grant No. 2013CB338002) and the programs of the National Natural Science Foundation of China (Grant No. 60833008, 60603018, 61173134, 91118006, 61272476).



Author information

Corresponding author: Chao Xu


Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Xu, C., Zhang, B., Feng, D. (2014). Linear Cryptanalysis of FASER128/256 and TriviA-ck. In: Meier, W., Mukhopadhyay, D. (eds) Progress in Cryptology -- INDOCRYPT 2014. INDOCRYPT 2014. Lecture Notes in Computer Science, vol 8885. Springer, Cham. https://doi.org/10.1007/978-3-319-13039-2_14


  • DOI: https://doi.org/10.1007/978-3-319-13039-2_14


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-13038-5

  • Online ISBN: 978-3-319-13039-2

  • eBook Packages: Computer Science (R0)
