A Framework for Chosen IV Statistical Analysis of Stream Ciphers

  • Håkan Englund
  • Thomas Johansson
  • Meltem Sönmez Turan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4859)


Saarinen recently proposed a chosen IV statistical attack, called the d-monomial test, and used it to find weaknesses in several proposed stream ciphers. In this paper we generalize this idea and propose a framework for chosen IV statistical attacks using a polynomial description. We propose a few new statistical attacks, apply them on some existing stream cipher proposals, and give some conclusions regarding the strength of their IV initialization. In particular, we experimentally detected statistical weaknesses in some state bits of Grain-128 with full IV initialization as well as in the keystream of Trivium using an initialization reduced to 736 rounds from 1152 rounds. We also propose some stronger alternative initialization schemes with respect to these statistical attacks.


Boolean Function Truth Table Stream Cipher Statistical Attack Internal State Variable 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Daemen, J., Govaerts, R., Vandewalle, J.: Resynchronization weaknesses in synchronous stream ciphers. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 159–167. Springer, Heidelberg (1994)Google Scholar
  2. 2.
    Golic, J.D., Morgari, G.: On the resynchronization attack. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 100–110. Springer, Heidelberg (2003)Google Scholar
  3. 3.
    Armknecht, F., Lano, J., Preneel, B.: Extending the resynchronization attack. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 19–38. Springer, Heidelberg (2004)Google Scholar
  4. 4.
    Filiol, E.: A new statistical testing for symmetric ciphers and hash functions. In: Varadharajan, V., Mu, Y. (eds.) ACISP 2001. LNCS, vol. 2119, pp. 21–35. Springer, Heidelberg (2001)Google Scholar
  5. 5.
    Saarinen, M.J.O.: Chosen-iv statistical attacks on estream stream ciphers. eSTREAM, ECRYPT Stream Cipher Project, Report 2006/013 (2006),
  6. 6.
    Hell, M., Johansson, T., Maximov, A., Meier, W.: A stream cipher proposal: Grain-128. ISIT, Seattle, USA (2006), available at
  7. 7.
    De Cannière, C., Preneel, B.: Trivium - specifications. eSTREAM, ECRYPT Stream Cipher Project, Report 2005/030 (2005), available at
  8. 8.
    Berbain, C., Billet, O., Canteaut, A., Courtois, N., Debraize, B., Gilbert, H., Goubin, L., Gouget, A., Granboulan, L., Lauradoux, C., Minier, M., Pornin, T., Sibert, H.: Decim v2. eSTREAM, ECRYPT Stream Cipher Project, Report 2006/004 (2006),
  9. 9.
    Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Levenson, M., Vangel, M., Banks, D., Heckert, A., Dray, J., Vo, S.: A statistical test suite for random and pseudorandom number generators for cryptographic applications (2001),
  10. 10.
    Fluhrer, S., Mantin, I., Shamir, A.: Weaknesses in the key scheduling algorithm of RC4. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 1–24. Springer, Heidelberg (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Håkan Englund
    • 1
  • Thomas Johansson
    • 1
  • Meltem Sönmez Turan
    • 2
  1. 1.Dept. of Electrical and Information Technology, Lund UniversitySweden
  2. 2.Institute of Applied Mathematics, METUTurkey

Personalised recommendations