On the Resynchronization Attack
The resynchronization attack on stream ciphers with a linear next-state function and a nonlinear output function is further investigated. The number of initialization vectors required for the secret key reconstruction when the output function is known is studied in more detail and a connection with the so-called 0-order linear structures of the output function is established. A more difficult problem when the output function is unknown is also considered. An efficient branching algorithm for reconstructing this function along with the secret key is proposed and analyzed. The number of initialization vectors required is larger in this case than when the output function is known, and the larger the number, the lower the complexity.
KeywordsStream ciphers Boolean functions Resynchronization Reconstruction algorithms
- 2.Daemen, J., Govaerts, R., Vandewalle, J.: Resynchronization weakness in synchronous stream ciphers. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 159–167. Springer, Heidelberg (1994)Google Scholar
- 4.Lai, X.: Additive and linear structures of cryptographic functions. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 75–85. Springer, Heidelberg (1995)Google Scholar