Beruflich Dokumente
Kultur Dokumente
1-2)Distinguishing attack attack and its comparison with other exerted attacks on this
algorithm have been explicated. The 5th section includes
One of the possible tools to analyse a stream cipher is the the conclusion.
linear statistical distinguisher approach introduced by J.
Goli [12].His work contains the basic notion, the basic 2)Algorithm structure
mathematical results, a method for finding distinguishers
called Linear Sequential Circuit Approximation (LSCA),
2-1) key stream generation
.
The purpose of a distinguishing attack is to provide
The suggested design contains a 177-bit internal state
evidence that the generated keystream sequence is not
marked by (s 1 ,…s 177 ). Each clock of the cipher
completely random. A distinguishing attack is not as strong
R R R R
t 1 ←t 1 +s 91 .s 92 +s 171
R R R R R R R R R
Trivium is a stream cipher candidate of the eSTREAM (s 94 ,s 95 ,…,s 177 ) ←(t 1 ,s 94 ,…,s 176 )
R R R R R R R R R R R R
internal state of 288 bits and the key of 80 bits. Though the (s 94 ,s 95 ,…,s 177 ) →(b 1 ,b 2 ,…,b 84 )
R R R R R R R R R R R R
O(ε-2) =O(230.79)
P P P P
4.simulation result
In [7] Julia Borghoff, Lars R. Knudsen and Mathias Stolpe
propose a new approach to solve the system of equations
for internal state recovery of Bivium using combinatorial
optimization with an estimated time complexity of O(264.5) P P
for non-linear updating section. Then we approximate the Raddum Algebraic Attack O(2 ) 56
P P
multiplication of the two bits. The probability of this McDonald, Guess and 52.3
O(2 )
approximation is 3/4. Thus we will have: Charnes, Pieprzyk Determine Attack
P P
a
1
t +1 =a 69
t ⊕b ⊕b69
t
84
t
Maximov, State Recovery
O(251)
Biryukov Attack
P P
b
1
t +1 =b 78
t ⊕a 66
t ⊕a 93
t Maximov, Distinguishing
O(232)
Biryukov Attack
P P
With the aid of simulation, the best delay will be τ = 46. 5.conclusion:
A : b1t +1 ⊕ bt78 = a t66 ⊕ a 93 t
B : a1t +1 ⊕ a t69 = bt69 ⊕ b84 t
In this article, the trivium algorithm has been scrutinized
C : z t = a1t +1 ⊕ a t69 ⊕ b1t +1 ⊕ bt78 and its downgraded copy of bivium which is one of the
D : z t +τ = a1t +1 ⊕ a t69 ⊕ b1t +1 ⊕ bt78 algorithms of eSTREAM project. This project aims at
E : z t ⊕ z t +τ = 0 design and analysis of protracted ciphers in order to
present a trustworthy collection. After a brief explanation
P(C) = P(A∩B) + P(A'∩B')= 1-P(A)-P(B)+2×P (A∩B). of this algorithm and its structure which encompasses key
Our goal for the distinguisher is the calculation of p(E). update, state update and key generation, and with the help
P(A∩B) =0.5624 of the idea which has been presented in the article plus
P(C)= 0.6258 utilizing appropriate linear approximation and the
P(E) = P(C∩D) + P(C'∩D') outcomes of the simulation, I could set the attack
IJCSI International Journal of Computer Science Issues, Vol. 8, Issue 1, January 2011 144
ISSN (Online): 1694-0814
www.IJCSI.org
References
[1] Claude Shannon. “Communication theory of secrecy systems”.
Bell System Technical Journal , 28-4:656-715, 1949.
[2] Alexander Maximov. “Some Words on Cryptanalysis of Stream
Ciphers”. Lund University,PH.D. Thesis, 2006.
[3] Golomb, S.W., “Shift Register Sequences”. Holden ‐Day, San
Fransisco, 1967
[4]ECRYPT.theeStream project http://www.ecrypt.eu.org/timetable
[5] Matthew, Robshaw Olivier Billet. “New Stream Cipher Designs:
The eSTREAM Finalists”, Lecture Notes in Computer Science,
volume 4986, Springer, 2008.
[6] ECRYPT.theeStreamproject : http://www. ecrypt.eu.org/stream
[7] Borghoff, J., Knudsen, L. R., and Stolpe, M., "Bivium as a
Mixed-Integer Linear Programming Problem", Lecture Notes in
Computer Science (LNCS), Vol. 5921, 2009, pp 133-152.
[8] De Canniere, C., Preneel, B., "TRIVIUM–a stream cipher
construction inspired by block cipher design principles",
eSTREAM, ECRYPT Stream Cipher Project, Report
2005/030,2005 http://www.ecrypt.eu.org/stream/trivium.html
[9] Maximov, A., Biryukov, A., "Two Trivial Attacks on Trivium",
Selected Areas in Cryptography 2007, 2007, pp. 36-55.
[10] Raddum, H.,"Cryptanalytic Results on Trivium", eSTREAM,
ECRYPT Stream Cipher Project, Report 2006/039, 2006.
http://www .ecrypt.eu.org/stream
[11] McDonald, C., Charnes, C., Pieprzyk, J., " AttackingBivium
with MiniSat", Cryptology ePrint Archive, Report 2007/040,
2007
[12]J. Dj. Goli´c. Intrinsic statistical weakness of keystream
generators. In J. Pieprzyk and R. Safavi-Naini, editors, Advances
in Cryptology — ASIACRYPT’94, volume 917 of Lecture Notes
in Computer Science, pages 91–103. Springer-Verlag, 1994.
[13] J. Dj. Goli´c. Linear models for a time-variant permutation
generator.IEEE Transactions on Information Theory,
45(7):2374–2382,1999