文摘
The Decim v1 is a hardware oriented stream cipher that was proposed by Berbain et?al. and has been submitted to eSTREAM. Decim v2 is a revised version of Decim v1 and was submitted to ISO/IEC 18033-4. Decim-128 is a 128-bit security version of Decim. In this paper, we propose related key chosen IV attacks on Decim v2 and Decim-128. The attacks on Decim v2 and Decim-128 can recover the 80-bit and 128-bit secret keys with computational complexity of 268/296, requiring 220/251 chosen IVs, 226/256.88-bit stream sequence and negligible/ 242.58 bits space, respectively. When more than 8 and 10 related keys can be obtained for Decim v2 and Decim-128, the computational complexity can be reduced to 232/238, requiring 223/233.32 chosen IVs, 229/239.25-bit stream sequence and negligible/ 230.91 bits space, respectively. These results have been the best key recovery attacks on Decim v2 and Decim-128.