On the Sosemanuk Related Key-IV Sets

  • Aleksandar Kircanski
  • Amr M. Youssef
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7533)


Sosemanuk is a software-based stream cipher that has passed all three stages of the ECRYPT stream cipher project and is currently a member of the eSTREAM software portfolio. In the recent works on cryptanalysis of Sosemanuk, its relatively small inner state size of 384 bits was identified to be one of the reasons that the attacks were possible. In this paper, we show that another consequence of the small inner state size of Sosemanuk is the existence of several classes of (K,IV), (K′,IV′) pairs that yield correlated keystreams. In particular, we provide a distinguisher which requires less than 2 kilobytes of data and an inner state recovery algorithm that works for two sets of key-IV pairs of expected size ≈ 2128 each. In addition, a distinguisher requiring 252 keystream words is provided for another set of pairs of Sosemanuk instances. The expected number of such key-IV pairs is 2192. Although the security of Sosemanuk is not practically threatened, the found features add to understanding of the security of the cipher and also provide the basis for an elegant attack in the fault analysis model.


State Size Stream Cipher State Recovery Linear Feedback Shift Register Linear Cryptanalysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ahamadi, H., Eghidos, T., Khazaei, S.: Improved Guess and Determine Attack on Sosemanuk, Tehran (2006),
  2. 2.
    Baignères, T., Junod, P., Vaudenay, S.: How Far Can We Go Beyond Linear Cryptanalysis? In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 432–450. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer’s Apprentice Guide to Fault Attacks. Proceedings of the IEEE 94(2), 370–382 (2006)CrossRefGoogle Scholar
  4. 4.
    Barenghi, A., Bertoni, G., Breveglieri, L., Pellicioli, M., Pelosi, G.: Low Voltage Fault Attacks to AES and RSA on General Purpose Processors, ePrint IACR Report, 130/2010Google Scholar
  5. 5.
    Berbain, C., Billet, O., Canteaut, A., Courtois, N., Gilbert, H., Goubin, L., Gouget, A., Granboulan, L., Lauradoux, C., Minier, M., Pornin, T., Sibert, H.: Sosemanuk, a Fast Software-Oriented Stream Cipher. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 98–118. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Biham, E., Anderson, R., Knudsen, L.R.: Serpent: A New Block Cipher Proposal. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 222–238. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  7. 7.
    Boesgaard, M., Vesterager, M., Pedersen, T., Christiansen, J., Scavenius, O.: Rabbit: A New High-Performance Stream Cipher. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 307–329. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    De Cannière, C., Küçük, Ö., Preneel, B.: Analysis of Grain’s Initialization Algorithm. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 276–289. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Cho, J.Y., Hermelin, M.: Improved Linear Cryptanalysis of SOSEMANUK. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 101–117. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Ekdahl, P., Johansson, T.: A New Version of the Stream Cipher SNOW. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 47–61. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    eSTREAM, the ECRYPT Stream Cipher Project,
  12. 12.
    Feng, X., Liu, J., Zhou, Z., Wu, C., Feng, D.: A Byte-Based Guess and Determine Attack on SOSEMANUK. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 146–157. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  13. 13.
    Grinstead, C.M., Snell, L.J.: Introduction to Probability. American Mathematical Society, 2nd edn. (1998)Google Scholar
  14. 14.
    Hellman, M.: A Cryptanalytic Time-Memory Trade-Off. IEEE Transactions on Information Theory IT-26, 401–406 (1980)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Kim, C.H., Quisquater, J.-J.: Fault Attacks for CRT Based RSA: New Attacks, New Results, and New Countermeasures. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 215–228. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  16. 16.
    Lee, J.-K., Lee, D.-H., Park, S.: Cryptanalysis of Sosemanuk and SNOW 2.0 Using Linear Masks. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 524–538. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  17. 17.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  18. 18.
    Quisquater, J.-J., Delescaille, J.-P.: How Easy Is Collision Search? Application to DES. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 429–434. Springer, Heidelberg (1990)Google Scholar
  19. 19.
    Esmaeili Salehani, Y., Kircanski, A., Youssef, A.: Differential Fault Analysis of Sosemanuk. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 316–331. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
    Schmidt, J.-M., Herbst, C.: A Practical Fault Attack on Square and Multiply. In: Fault Diagnosis and Tolerance in Cryptography, 3rd International Workshop, FDTC 2008. IEEE-CS Press (2008)Google Scholar
  21. 21.
    Tsunoo, Y., Saito, T., Shigeri, M., Suzaki, T., Ahmadi, H., Eghlidos, T., Khazaei, S.: Evaluation of Sosemanuk With Regard to Guess-and-Determine attacks (2006),
  22. 22.
    Vertanen, O.: Java Type Confusion and Fault Attacks. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 237–251. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  23. 23.
    Wu, H.: The Stream Cipher HC-128. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 39–47. Springer, Heidelberg (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Aleksandar Kircanski
    • 1
  • Amr M. Youssef
    • 1
  1. 1.Concordia Institute for Information Systems EngineeringConcordia UniversityMontrealCanada

Personalised recommendations