# On the Role of the Inner State Size in Stream Ciphers

### Erik Zenner

#### Abstract

Many modern stream ciphers consist of a keystream generator and an initialisation function. In fielded systems, security of the keystream generator is often based on a large inner state rather than an inherently secure design. As a consequence, an increasing number of attacks on stream ciphers exploit the (re-)initialisation of large inner states by a weak initialisation function. In this paper, we propose a strict separation of keystream generator and initialisation function in stream cipher design. After giving lower bounds on the necessary inner state size, we show how a secure stream cipher can be constructed from a weak keystream generator. We introduce the notion of inner state size efficiency and compare it for a number of fielded stream ciphers, indicating that a secure cipher can be based on reasonable inner state sizes. Concluding, we ask a number of open questions that may give rise to a new field of research that is concerned with the security of initialisation functions.

#### References

- Bluetooth Specification v1.1, 1999. www.bluetooth.com.
- F. Armknecht and M. Krause. Algebraic attacks on combiners with memory. In D. Boneh, editor, Proc. Crypto 2003, volume 2729 of LNCS, pages 162-175. Springer, 2003.
- S. Babbage. A space/time tradeoff in exhaustive search attacks on stream ciphers. In European Convention on Security and Detection, volume 408 of IEE Conference Publication, May 1995.
- S. Babbage, C. De Canniere, J. Lano, B. Preneel, and J. Vandewalle. Cryptanalysis of Sober-t32. In T. Johansson, editor, Proc. Fast Software Encryption 2003, volume 2887 of LNCS, pages 111-128. Springer, 2003.
- M. Bellare. Practice-oriented provable security. In I. Damgard, editor, Lectures on Data Security, volume 1561 of LNCS, pages 1-15. Springer, 1999.
- E. Biham. New types of cryptanalytic attacks using related keys. In T. Helleseth, editor, Proc. Eurocrypt '93, volume 765 of LNCS, pages 398-409. Springer, 1993.
- A. Biryukov and A. Shamir. Cryptanalytic time/memory/data tradeoffs for stream ciphers. In T. Okamoto, editor, Proc. Asiacrypt 2000, volume 1976 of LNCS, pages 1-13. Springer, 2000.
- M. Briceno, I. Goldberg, and D. Wagner. A pedagogical implementation of A5/1. http://www.scard.org/gsm/a51.html.
- A. Clark, E. Dawson, J. Fuller, H.-J. Lee, J. Dj. Golic, W. Millan, S.-J. Moon, and L. Simpson. The LILI-II keystream generator. In L. Batten and J. Seberry, editors, Proc. ACISP 2002, volume 2384 of LNCS, pages 25-39. Springer, 2002.
- D. Coppersmith, S. Halevi, and C. Jutla. Cryptanalysis of stream ciphers with linear masking. In M. Yung, editor, Proc. Crypto 2002, volume 2442 of LNCS, pages 515-532. Springer, 2002.
- N. Courtois. Fast algebraic attacks on stream ciphers with linear feedback. In D. Boneh, editor, Proc. Crypto 2003, volume 2729 of LNCS, pages 176-194. Springer, 2003.
- P. Crowley and S. Lucks. Bias in the LEVIATHAN stream cipher. In M. Matsui, editor, Proc. Fast Software Encryption 2001, volume 2355 of LNCS, pages 211-218. Springer, 2002.
- J. Daemen, R. Govaerts, and J. Vandewalle. Resynchronisation weakness in synchronous stream ciphers. In T. Helleseth, editor, Proc. Eurocrypt '93, volume 765 of LNCS, pages 159-167. Springer, 1994.
- E. Dawson, A. Clark, J. Golic, W. Millan, L. Penna, and L. Simpson. The LILI-128 keystream generator. http://www.isrc.qut.edu.au/resource/lili/ lili nessie workshop.pdf.
- P. Ekdahl and T. Johansson. SNOW - a new stream cipher. http://www.it.lth.se/cryptology/snow/. NESSIE project submission.
- P. Ekdahl and T. Johansson. A new version of the stream cipher SNOW. In H. Heys and K. Nyberg, editors, Proc. SAC 2002, volume 2595 of LNCS, pages 47-61. Springer, 2002.
- P. Ekdahl and T. Johansson. Another attack on A5/1. IEEE Trans. Information Theory, 49(1):284-289, 2003.
- H. Finney. An RC4 cycle that can't happen. Newsgroup post to sci.crypt, September 1994.
- S. Fluhrer. Cryptanalysis of the SEAL 3.0 pseudorandom function family. In M. Matsui, editor, Proc. Fast Software Encryption 2001, volume 2355 of LNCS, pages 135-143. Springer, 2002.
- S. Fluhrer and D. McGrew. Statistical analysis of the alleged RC4 keystream generator. In B. Schneier, editor, Proc. Fast Software Encryption 2000, volume 1978 of LNCS, pages 19-30. Springer, 2001.
- J. Golic. Cryptanalysis of alleged A5 stream cipher. In W. Fumy, editor, Proc. Eurocrypt '97, volume 1233 of LNCS, pages 239-255. Springer, 1997.
- J. Golic. Linear statistical weakness of alleged RC4 keystream generator. In W. Fumy, editor, Proc. Eurocrypt '97, volume 1233 of LNCS, pages 226-238. Springer, 1997.
- J. Golic and G. Morgari. On the resynchronization attack. In T. Johansson, editor, Proc. Fast Software Encryption 2003, volume 2887 of LNCS, pages 100-110. Springer, 2003.
- S. Halevi, D. Coppersmith, and C. Jutla. Scream: A software-efficient stream cipher. In J. Daemen and V. Rijmen, editors, Proc. Fast Software Encryption 2002, volume 2365 of LNCS, pages 195-209. Springer, 2002.
- P. Hawkes and G. Rose. Primitive specification for Sober-128. http://www.qualcomm.com.au/Sober128.html.
- P. Hawkes and G. Rose. Primitive specification and supporting documentation for Sober-t32. NESSIE project submission, October 2000.
- S. Jiang and G. Gong. Cryptanalysis of stream cipher - a survey. Technical Report CORR2002-29, University of Waterloo, 2002.
- T. Johansson and A. Maximov. A linear distinguishing algorithm on Scream. Presented at ISIT 2003, available at http://www.it.lth.se/movax/Publications/2003/Scream/ disting.pdf.
- Itsik Mantin. Analysis of the stream cipher RC4. Master's thesis, Weizmann Institute of Science, Rehovot, Israel, November 2001.
- D. McGrew and S. Fluhrer. The stream cipher Leviathan. NESSIE project submission, October 2000.
- W. Meier. Personal communication, August 2003.
- P. Rogaway and D. Coppersmith. A software-optimized encryption algorithm. Journal of Cryptology, 11(4):273-287, Fall 1998.
- R. Rueppel. Stream ciphers. In G. Simmons, editor, Contemporary Cryptology - The Science of Information Integrity, pages 65-134. IEEE Press, 1992.
- M.-J. Saarinen. A time-memory tradeoff attack against LILI-128. In J. Daemen and V. Rijmen, editors, Proc. Fast Software Encryption 2002, volume 2365 of LNCS, pages 231-236. Springer, 2002.
- A. Stubblefield, J. Ioannidis, and A. Rubin. Using the Fluhrer, Mantin and Shamir attack to break WEP. Technical Report TD-4ZCPZZ, AT&T labs, August 2001.
- E. Zenner. On the efficiency of clock control guessing. In P. J. Lee and C. H. Lim, editors, Proc. ICISC '02, volume 2587 of LNCS, pages 200-212. Springer, 2003.
- E. Zenner. On the role of the inner state size in stream ciphers. Technical Report Informatik TR-04-001, University of Mannheim (Germany), January 2004. available at http://www.informatik.uni-mannheim.de/techberichte/ html/TR-04-001.html.
- E. Zenner, M. Krause, and S. Lucks. Improved cryptanalysis of the self-shrinking generator. In V. Varadharajan and Y. Mu, editors, Proc. ACISP '01, volume 2119 of LNCS, pages 21-35. Springer, 2001.

Thus, the inner state size is 576 bit. The most efficient attack against full Sober-t32 is a distinguisher presented by Babbage et al. [4], requiring $2^{153+5} = 2^{158}$ output bits and a similar work effort. Recently, a new version Sober-128 with equal inner state size but reduced key length was published [25]. However, no cryptanalytic results are available for the time being.

#### Paper Citation

#### in Harvard Style

Zenner E. (2004). **On the Role of the Inner State Size in Stream Ciphers**. In *Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)*, ISBN 972-8865-07-4, pages 237-250. DOI: 10.5220/0002676702370250

#### in Bibtex Style

```bibtex
@conference{wosis04,
  author={Erik Zenner},
  title={On the Role of the Inner State Size in Stream Ciphers},
  booktitle={Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)},
  year={2004},
  pages={237-250},
  publisher={SciTePress},
  organization={INSTICC},
  doi={10.5220/0002676702370250},
  isbn={972-8865-07-4},
}
```

#### in EndNote Style

```
TY - CONF
JO - Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)
TI - On the Role of the Inner State Size in Stream Ciphers
SN - 972-8865-07-4
AU - Zenner E.
PY - 2004
SP - 237
EP - 250
DO - 10.5220/0002676702370250
```