IACR News item: 09 September 2012
Journal of Cryptology
Abstract We describe a state recovery attack on the X-FCSR family of stream ciphers. In this attack we analyse each block of output keystream and try to solve for the state. The solver will succeed when a number of state conditions are satisfied. For X-FCSR-256, our best attack has a computational complexity of only 24.7 table lookups per block of keystream, with an expected 244.3 such blocks before the attack is successful. The precomputational storage requirement is 233. For X-FCSR-128, the computational complexity of our best attack is 216.3 table lookups per block of keystream, where we expect 255.2 output blocks before the attack comes through. The precomputational storage requirement for X-FCSR-128 is 267.
- Content Type Journal Article
- Pages 1-22
- DOI 10.1007/s00145-012-9130-9
- Authors
- Paul Stankovski, Dept. of Electrical and Information Technology, Lund University, P.O. Box 118, 221 00 Lund, Sweden
- Martin Hell, Dept. of Electrical and Information Technology, Lund University, P.O. Box 118, 221 00 Lund, Sweden
- Thomas Johansson, Dept. of Electrical and Information Technology, Lund University, P.O. Box 118, 221 00 Lund, Sweden
- Journal Journal of Cryptology
- Online ISSN 1432-1378
- Print ISSN 0933-2790
Additional news items may be found on the IACR news page.