Slide attack on standard stream cipher Enocoro-80 in the related-key chosen IV setting

详细信息    查看全文

• 作者：Lin Ding ; ^{dinglin_cipher@163.com" class="auth_mail" title="E-mail the corresponding author} ; Chenhui Jin ^{jinchenhui@126.com" class="auth_mail" title="E-mail the corresponding author} ; Jie Guan ^{guanjie007@163.com" class="auth_mail" title="E-mail the corresponding author}
• 关键词：Cryptanalysis ; Lightweight stream cipher ; Enocoro-80 ; Slide property
• 刊名：Pervasive and Mobile Computing
• 出版年：2015
• 出版时间：December 2015
• 年：2015
• 卷：24
• 期：Complete
• 页码：224-230
• 全文大小：460 K

文摘

Enocoro-80 is a lightweight stream cipher proposed in 2007. Several attacks on it have been published, although none have violated the claimed 80-bit security of Enocoro-80. The cipher had been adopted as an ISO/IEC29192 standard in 2012. This paper exploits the slide property of Enocoro-80, and shows that it is vulnerable to a related-key chosen IV attack when the key belongs to a large subset of class="mathmlsrc">class="formulatext stixSupport mathImg" data-mathURL="/science?_ob=MathURL&_method=retrieve&_eid=1-s2.0-S1574119215001522&_mathId=si1.gif&_user=111111111&_pii=S1574119215001522&_rdoc=1&_issn=15741192&md5=842c197687cac6974ca4f91f8e8caac7" title="Click to view the MathML source">2⁷²class="mathContainer hidden">class="mathCode">$2^{72}$ of all class="mathmlsrc">class="formulatext stixSupport mathImg" data-mathURL="/science?_ob=MathURL&_method=retrieve&_eid=1-s2.0-S1574119215001522&_mathId=si2.gif&_user=111111111&_pii=S1574119215001522&_rdoc=1&_issn=15741192&md5=5aa599f6921b863232503da18b628eff" title="Click to view the MathML source">2⁸⁰class="mathContainer hidden">class="mathCode">$2^{80}$ keys. This attack has a time complexity of class="mathmlsrc">class="formulatext stixSupport mathImg" data-mathURL="/science?_ob=MathURL&_method=retrieve&_eid=1-s2.0-S1574119215001522&_mathId=si3.gif&_user=111111111&_pii=S1574119215001522&_rdoc=1&_issn=15741192&md5=c3dbcf9ad98e19d0939ef826d59a4686" title="Click to view the MathML source">2⁴⁸class="mathContainer hidden">class="mathCode">$2^{48}$, requiring class="mathmlsrc">class="formulatext stixSupport mathImg" data-mathURL="/science?_ob=MathURL&_method=retrieve&_eid=1-s2.0-S1574119215001522&_mathId=si4.gif&_user=111111111&_pii=S1574119215001522&_rdoc=1&_issn=15741192&md5=ad50a1f69afa8b4416a1e32e38bdf94b" title="Click to view the MathML source">2¹⁷class="mathContainer hidden">class="mathCode">$2^{17}$ chosen IVs. This is the first paper pointing out a potential weakness in the Enocoro-80 stream cipher.