Related key chosen IV attacks on Decim v2 and Decim-128

详细信息    查看全文

• 作者：Ding  ; Lin  ; ;   ; ^a ;   ; ^{dl_cipher@163.com} ;   ; ^{dinglin_cipher@163.com} ; Guan  ; Jie^a ;   ; ^{guanjie007@163.com}
• 关键词：Cryptanalysis ; Related key chosen IV attack ; Decim v2 ; Decim-128 ; Stream cipher
• 刊名：Mathematical and Computer Modelling
• 出版年：2012
• 出版时间：January 2012
• 年：2012
• 卷：55
• 期：1-2
• 页码：123-133
• 全文大小：309 K

文摘

The Decim v1 is a hardware oriented stream cipher that was proposed by Berbain et?al. and has been submitted to eSTREAM. Decim v2 is a revised version of Decim v1 and was submitted to ISO/IEC 18033-4. Decim-128 is a 128-bit security version of Decim. In this paper, we propose related key chosen IV attacks on Decim v2 and Decim-128. The attacks on Decim v2 and Decim-128 can recover the 80-bit and 128-bit secret keys with computational complexity of 2⁶⁸/2⁹⁶, requiring 2²⁰/2⁵¹ chosen IVs, 2²⁶/2^56.88-bit stream sequence and negligible/ 2^42.58 bits space, respectively. When more than 8 and 10 related keys can be obtained for Decim v2 and Decim-128, the computational complexity can be reduced to 2³²/2³⁸, requiring 2²³/2^33.32 chosen IVs, 2²⁹/2^39.25-bit stream sequence and negligible/ 2^30.91 bits space, respectively. These results have been the best key recovery attacks on Decim v2 and Decim-128.