Crossword Puzzle Attack on NLS

  • Joo Yeon Cho
  • Josef Pieprzyk
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4356)


NLS is one of the stream ciphers submitted to the eSTREAM project. We present a distinguishing attack on NLS by Crossword Puzzle (CP) attack method which is introduced in this paper. We build the distinguisher by using linear approximations of both the non-linear feedback shift register (NFSR) and the nonlinear filter function (NLF). Since the bias of the distinguisher depends on the Konst value, which is a key-dependent word, we present the graph showing how the bias of distinguisher vary with Konst. In result, we estimate the bias of the distinguisher to be around O(2− 30). Therefore, we claim that NLS is distinguishable from truly random cipher after observing O(260) keystream words. The experiments also show that our distinguishing attack is successful on 90.3% of Konst among 232 possible values. We extend the CP attack to NLSv2 which is a tweaked version of NLS. In result, we build a distinguisher which has the bias of around 2− 48. Even though this attack is below the eSTREAM criteria (2− 40), the security margin of NLSv2 seems to be too low.


Distinguishing Attacks Crossword Puzzle Attack Stream Ciphers Linear Approximations eSTREAM Modular Addition NLS NLSv2 


  1. 1.
  2. 2.
    Cho, J.Y., Pieprzyk, J.: Linear distinguishing attack on NLS. In: SASC 2006 workshop (2006)Google Scholar
  3. 3.
    Coppersmith, D., Halevi, S., Jutla, C.: Cryptanalysis of stream ciphers with linear masking. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 515–532. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  4. 4.
    Hawkes, P., Paddon, M., Rose, G., de Vries, M.W.: Primitive specification for NLS (April 2005),
  5. 5.
    Hawkes, P., Paddon, M., Rose, G., de Vries, M.W.: Primitive specification for NLSv2 (March 2006),
  6. 6.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Joo Yeon Cho
    • 1
  • Josef Pieprzyk
    • 1
  1. 1.Centre for Advanced Computing – Algorithms and Cryptography, Department of Computing, Macquarie University, NSW, 2109Australia

Personalised recommendations