文摘
Enocoro-80 is a lightweight stream cipher proposed in 2007. Several attacks on it have been published, although none have violated the claimed 80-bit security of Enocoro-80. The cipher had been adopted as an ISO/IEC29192 standard in 2012. This paper exploits the slide property of Enocoro-80, and shows that it is vulnerable to a related-key chosen IV attack when the key belongs to a large subset of class="mathmlsrc">class="formulatext stixSupport mathImg" data-mathURL="/science?_ob=MathURL&_method=retrieve&_eid=1-s2.0-S1574119215001522&_mathId=si1.gif&_user=111111111&_pii=S1574119215001522&_rdoc=1&_issn=15741192&md5=842c197687cac6974ca4f91f8e8caac7" title="Click to view the MathML source">272class="mathContainer hidden">class="mathCode"> of all class="mathmlsrc">class="formulatext stixSupport mathImg" data-mathURL="/science?_ob=MathURL&_method=retrieve&_eid=1-s2.0-S1574119215001522&_mathId=si2.gif&_user=111111111&_pii=S1574119215001522&_rdoc=1&_issn=15741192&md5=5aa599f6921b863232503da18b628eff" title="Click to view the MathML source">280class="mathContainer hidden">class="mathCode"> keys. This attack has a time complexity of class="mathmlsrc">class="formulatext stixSupport mathImg" data-mathURL="/science?_ob=MathURL&_method=retrieve&_eid=1-s2.0-S1574119215001522&_mathId=si3.gif&_user=111111111&_pii=S1574119215001522&_rdoc=1&_issn=15741192&md5=c3dbcf9ad98e19d0939ef826d59a4686" title="Click to view the MathML source">248class="mathContainer hidden">class="mathCode">, requiring class="mathmlsrc">class="formulatext stixSupport mathImg" data-mathURL="/science?_ob=MathURL&_method=retrieve&_eid=1-s2.0-S1574119215001522&_mathId=si4.gif&_user=111111111&_pii=S1574119215001522&_rdoc=1&_issn=15741192&md5=ad50a1f69afa8b4416a1e32e38bdf94b" title="Click to view the MathML source">217class="mathContainer hidden">class="mathCode"> chosen IVs. This is the first paper pointing out a potential weakness in the Enocoro-80 stream cipher.