On the Role of the Inner State Size in Stream Ciphers

Erik Zenner

Abstract

Many modern stream ciphers consist of a keystream generator and an initialisation function. In fielded systems, security of the keystream generator is often based on a large inner state rather than an inherently secure design. As a consequence, an increasing number of attacks on stream ciphers exploit the (re-)initialisation of large inner states by a weak initialisation function. In this paper, we propose a strict separation of keystream generator and initialisation function in stream cipher design. After giving lower bounds on the necessary inner state size, we show how a secure stream cipher can be constructed from a weak keystram generator. We introduce the notion of inner state size efficiency and compare it for a number of fielded stream ciphers, indicating that a secure cipher can be based on reasonable inner state sizes. Concluding, we ask a number of open questions that may give rise to a new field of research that is concerned with the security of initialisation functions.

References

  1. Bluetooth Speci cation v1.1, 1999. www.bluetooth.com.
  2. F. Armknecht and M. Krause. Algebraic attacks on combiners with memory. In D. Boneh, editor, Proc. Crypto 2003, volume 2729 of LNCS, pages 162-175. Springer, 2003.
  3. S. Babbage. A space/time tradeoff in exhaustive search attacks on stream ciphers. In European Convention on Security and Detection, volume 408 of IEE Conference Publication, May 1995.
  4. S. Babbage, C. De Canniere, J. Lano, B. Preneel, and J. Vandewalle. Cryptanalysis of Sobert32. In T. Johansson, editor, Proc. Fast Software Encryption 2003, volume 2887 of LNCS, pages 111-128. Springer, 2003.
  5. M. Bellare. Practice-oriented provable security. In I. Damgard, editor, Lectures on Data Security, volume 1561 of LNCS, pages 1-15. Springer, 1999.
  6. E. Biham. New types of cryptanalytic attacks using related keys. In T. Helleseth, editor, Proc. Eurocrypt 7893, volume 765 of LNCS, pages 398-409. Springer, 1993.
  7. A. Biryukov and A. Shamir. Cryptanalytic time/memory/data tradeoffs for stream ciphers. In T. Okamoto, editor, Proc. Asiacrypt 2000, volume 1976 of LNCS, pages 1-13. Springer, 2000.
  8. M. Briceno, I. Goldberg, and D. Wagner. A pedagogical implementation of A5/1. http://www.scard.org/gsm/a51.html.
  9. A. Clark, E. Dawson, J. Fuller, H.-J. Lee J. Dj. Golic, W. Millan, S.-J. Moon, and L. Simpson. The LILI-II keystream generator. In L. Batten and J. Seberry, editors, Proc. ACISP 2002, volume 2384 of LNCS, pages 25-39. Springer, 2002.
  10. D. Coppersmith, S. Halevi, and C. Jutla. Cryptanalysis of stream ciphers with linear masking. In M. Yung, editor, Proc. Crypto 2002, volume 2442 of LNCS, pages 515-532. Springer, 2002.
  11. N. Courtois. Fast algebraic attacks on stream ciphers with linear feedback. In D. Boneh, editor, Proc. Crypto 2003, volume 2729 of LNCS, pages 176-194. Springer, 2003.
  12. P. Crowley and S. Lucks. Bias in the LEVIATHAN stream cipher. In M. Matsui, editor, Proc. Fast Software Encryption 2001, volume 2355 of LNCS, pages 211-218. Springer, 2002.
  13. J. Daemen, R. Govaerts, and J. Vandewalle. Resynchronisation weakness in synchronous stream ciphers. In T. Helleseth, editor, Proc. Eurocrypt 7893, volume 765 of LNCS, pages 159-167. Springer, 1994.
  14. E. Dawson, A. Clark, J. Golic, W. Millan, L. Penna, and L. Simpson. The LILI-128 keystream generator. http://www.isrc.qut.edu.au/resource/lili/ lili nessie workshop.pdf.
  15. P. Ekdahl and T. Johansson. SNOW - a new stream cipher. http://www.it.lth.se/cryptology/snow/. NESSIE project submission.
  16. P. Ekdahl and T. Johansson. A new version of the stream cipher SNOW. In H. Heys and K. Nyberg, editors, Proc. SAC 2002, volume 2595 of LNCS, pages 47-61. Springer, 2002.
  17. P. Ekdahl and T. Johansson. Another attack on A5/1. IEEE Trans. Information Theory, 49(1):284-289, 2003.
  18. H. Finney. An RC4 cycle that can't happen. Newsgroup post to sci.crypt, September 1994.
  19. S. Fluhrer. Cryptanalysis of the SEAL 3.0 pseudorandom function family. In M. Matsui, editor, Proc. Fast Software Encryption 2001, volume 2355 of LNCS, pages 135-143. Springer, 2002.
  20. S. Fluhrer and D. McGrew. Statistical analysis of the alleged RC4 keystream generator. In B. Schneier, editor, Proc. Fast Software Encryption 2000, volume 1978 of LNCS, pages 19-30. Springer, 2001.
  21. J. Golic. Cryptanalysis of alleged A5 stream cipher. In W. Fumy, editor, Proc. Eurocrypt 7897, volume 1233 of LNCS, pages 239-255. Springer, 1997.
  22. J. Golic. Linear statistical weakness of alleged RC4 keystream generator. In W. Fumy, editor, Proc. Eurocrypt 7897, volume 1233 of LNCS, pages 226-238. Springer, 1997.
  23. J. Golic and G. Morgari. On the resynchronization attack. In T. Johansson, editor, Proc. Fast Software Encryption 2003, volume 2887 of LNCS, pages 100-110. Springer, 2003.
  24. S. Halevi, D. Coppersmith, and C. Jutla. Scream: A software-ef cient stream cipher. In J. Daemen and V. Rijmen, editors, Proc. Fast Software Encryption 2002, volume 2365 of LNCS, pages 195-209. Springer, 2002.
  25. P. Hawkes and G. Rose. Primitive speci cation for Sober-128. http://www.qualcomm.com.au/Sober128.html.
  26. P. Hawkes and G. Rose. Primitive speci cation and supporting documentation for Sober-t32. NESSIE project submission, October 2000.
  27. S. Jiang and G. Gong. Cryptanalysis of stream cipher - a survey. Technical Report CORR2002-29, University of Waterloo, 2002.
  28. T. Johansson and A. Maximov. A linear distinguishing algorithm on Scream. Presented at ISIT 2003, available at http://www.it.lth.se/movax/Publications/2003/Scream/ disting.pdf.
  29. Itsik Mantin. Analysis of the stream cipher RC4. Master's thesis, Weizmann Institute of Science, Rehovot, Israel, November 2001.
  30. D. McGrew and S. Fluhrer. The stream cipher Leviathan. NESSIE project submission, October 2000.
  31. W. Meier. personal communication, August 2003.
  32. P. Rogaway and D. Coppersmith. A software-optimized encryption algorithm. Journal of Cryptology, 11(4):273-287, Fall 1998.
  33. R. Rueppel. Stream ciphers. In G. Simmons, editor, Contemporary Cryptology - The Science of Information Integrity, pages 65-134. IEEE Press, 1992.
  34. M.-J. Saarinen. A time-memory tradeoff attack against LILI-128. In J. Daemen and V. Rijmen, editors, Proc. Fast Software Encryption 2002, volume 2365 of LNCS, pages 231-236. Springer, 2002.
  35. A. Stubble eld, J. Ioannidis, and A. Rubin. Using the Fluhrer, Mantin and Shamir attack to break WEP. Technical Report TD-4ZCPZZ, AT&T labs, August 2001.
  36. E. Zenner. On the ef ciency of clock control guessing. In P. J. Lee and C. H. Lim, editors, Proc. ICISC 7802, volume 2587 of LNCS, pages 200-212. Springer, 2003.
  37. E. Zenner. On the role of the inner state size in stream ciphers. Technical Report Informatik TR-04-001, University of Mannheim (Germany), January 2004. available at http://www.informatik.uni-mannheim.de/techberichte/ html/TR-04-001.html.
  38. E. Zenner, M. Krause, and S. Lucks. Improved cryptanalysis of the self-shrinking generator. In V. Varadharajan and Y. Mu, editors, Proc. ACISP 7801, volume 2119 of LNCS, pages 21-35. Springer, 2001.
  39. Thus, the inner state size is 576 bit. The most ef cient attack against full Sober-t32 is a distinguisher presented by Babbage et al. [4], requiring 2153+5 = 2158 output bits and a similar work effort. Recently, a new version Sober-128 with equal inner state size but reduced key length was published [25]. However, no cryptanalytic results are available for the time being.
Download


Paper Citation


in Harvard Style

Zenner E. (2004). On the Role of the Inner State Size in Stream Ciphers . In Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004) ISBN 972-8865-07-4, pages 237-250. DOI: 10.5220/0002676702370250


in Bibtex Style

@conference{wosis04,
author={Erik Zenner},
title={On the Role of the Inner State Size in Stream Ciphers},
booktitle={Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)},
year={2004},
pages={237-250},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002676702370250},
isbn={972-8865-07-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)
TI - On the Role of the Inner State Size in Stream Ciphers
SN - 972-8865-07-4
AU - Zenner E.
PY - 2004
SP - 237
EP - 250
DO - 10.5220/0002676702370250