Cryptanalysis of Sober-t32

  • Steve Babbage
  • Christophe De Cannière
  • Joseph Lano
  • Bart Preneel
  • Joos Vandewalle
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2887)


Sober-t32 is a candidate stream cipher in the NESSIE competition. Some new attacks are presented in this paper. A Guess and Determine attack is mounted against Sober-t32 without the decimation of the key stream by the so-called stuttering phase. Also, two distinguishing attacks are mounted against full Sober-t32. These attacks are not practically feasible, but they are theoretically more efficient than exhaustive key search.


Keywords: NESSIE, Cryptanalysis, Security Evaluation, Sober-t32, Guess and Determine Attack, Distinguishing Attack



Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Steve Babbage (1)
  • Christophe De Cannière (2)
  • Joseph Lano (2)
  • Bart Preneel (2)
  • Joos Vandewalle (2)

  1. The Courtyard, Vodafone Group Research & Development, Newbury, Berkshire, UK
  2. Dept. ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Heverlee, Belgium
