Kreyvium is an NLFSR-based stream cipher oriented to homomorphic-ciphertext compression. It is a variant of Trivium with 128-bit security. The designers evaluated the security of Kreyvium and concluded that the resistance of Kreyvium to conditional differential cryptanalysis is at least the resistance of Trivium, and even better. However, we consider that this attack is effective for reduced Kreyvium due to its structure. This paper shows the conditional differential cryptanalysis for Kreyvium, and we propose distinguishing and key recovery attacks. We show how to arrange differences and conditions to obtain good higher-order conditional differential characteristics. We use two types of higher-order conditional differential characteristics to find a distinguisher, e.g. the bias of higher-order conditional differential characteristics of a keystream and the probabilistic bias of them. In the first one, we obtain the distinguisher on Kreyvium with 730 rounds from 20th-order characteristics. In the second one, we obtain the distinguisher on Kreyvium with 899 rounds from 25th-order conditional differential characteristics. Moreover, we show the key recovery attack on Kreyvium with 736 rounds from 20th-order characteristics. We experimentally confirm all our attacks. The second distinguisher shows that we can obtain the distinguisher on Kreyvium with more rounds than the distinguisher on Trivium. Therefore, Kreyvium has a smaller security margin than Trivium for conditional differential cryptanalysis.
Yuhei WATANABE
the SEI-AIST Cyber Security Cooperative Research Laboratory
Takanori ISOBE
University of Hyogo
Masakatu MORII
Kobe University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Yuhei WATANABE, Takanori ISOBE, Masakatu MORII, "Cryptanalysis of Reduced Kreyvium" in IEICE TRANSACTIONS on Fundamentals,
vol. E101-A, no. 9, pp. 1548-1556, September 2018, doi: 10.1587/transfun.E101.A.1548.
Abstract: Kreyvium is a NLFSR-based stream cipher which is oriented to homomorphic-ciphertext compression. This is a variant of Trivium with 128-bit security. Designers have evaluated the security of Kreyvium and concluded that the resistance of Kreyvium to the conditional differential cryptanalysis is at least the resistance of Trivium, and even better. However, we consider that this attack is effective for reduced Kreyvium due to the structure of it. This paper shows the conditional differential cryptanalysis for Kreyvium, and we propose distinguishing and key recovery attacks. We show how to arrange differences and conditions to obtain good higher-order conditional differential characteristics. We use two types of higher-order conditional differential characteristics to find a distinguisher, e.g. the bias of higher-order conditional differential characteristics of a keystream and the probabilistic bias of them. In the first one, we obtain the distinguisher on Kreyvium with 730 rounds from 20-th order characteristics. In the second one, we obtain the distinguisher on Kreyvium with 899 rounds from 25-th order conditional differential characteristics. Moreover, we show the key recovery attack on Kreyvium with 736 rounds from 20-th order characteristics. We experimentally confirm all our attacks. The second distinguisher shows that we can obtain the distinguisher on Kreyvium with more rounds than the distinguisher on Trivium. Therefore, Kreyvium has a smaller security margin than Trivium for the conditional differential cryptanalysis.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E101.A.1548/_p
@ARTICLE{e101-a_9_1548,
author={Yuhei WATANABE and Takanori ISOBE and Masakatu MORII},
journal={IEICE TRANSACTIONS on Fundamentals},
title={Cryptanalysis of Reduced Kreyvium},
year={2018},
volume={E101-A},
number={9},
pages={1548-1556},
abstract={Kreyvium is a NLFSR-based stream cipher which is oriented to homomorphic-ciphertext compression. This is a variant of Trivium with 128-bit security. Designers have evaluated the security of Kreyvium and concluded that the resistance of Kreyvium to the conditional differential cryptanalysis is at least the resistance of Trivium, and even better. However, we consider that this attack is effective for reduced Kreyvium due to the structure of it. This paper shows the conditional differential cryptanalysis for Kreyvium, and we propose distinguishing and key recovery attacks. We show how to arrange differences and conditions to obtain good higher-order conditional differential characteristics. We use two types of higher-order conditional differential characteristics to find a distinguisher, e.g. the bias of higher-order conditional differential characteristics of a keystream and the probabilistic bias of them. In the first one, we obtain the distinguisher on Kreyvium with 730 rounds from 20-th order characteristics. In the second one, we obtain the distinguisher on Kreyvium with 899 rounds from 25-th order conditional differential characteristics. Moreover, we show the key recovery attack on Kreyvium with 736 rounds from 20-th order characteristics. We experimentally confirm all our attacks. The second distinguisher shows that we can obtain the distinguisher on Kreyvium with more rounds than the distinguisher on Trivium. Therefore, Kreyvium has a smaller security margin than Trivium for the conditional differential cryptanalysis.},
keywords={},
doi={10.1587/transfun.E101.A.1548},
ISSN={1745-1337},
month={September},}
TY - JOUR
TI - Cryptanalysis of Reduced Kreyvium
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1548
EP - 1556
AU - Yuhei WATANABE
AU - Takanori ISOBE
AU - Masakatu MORII
PY - 2018
DO - 10.1587/transfun.E101.A.1548
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E101-A
IS - 9
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - September 2018
AB - Kreyvium is a NLFSR-based stream cipher which is oriented to homomorphic-ciphertext compression. This is a variant of Trivium with 128-bit security. Designers have evaluated the security of Kreyvium and concluded that the resistance of Kreyvium to the conditional differential cryptanalysis is at least the resistance of Trivium, and even better. However, we consider that this attack is effective for reduced Kreyvium due to the structure of it. This paper shows the conditional differential cryptanalysis for Kreyvium, and we propose distinguishing and key recovery attacks. We show how to arrange differences and conditions to obtain good higher-order conditional differential characteristics. We use two types of higher-order conditional differential characteristics to find a distinguisher, e.g. the bias of higher-order conditional differential characteristics of a keystream and the probabilistic bias of them. In the first one, we obtain the distinguisher on Kreyvium with 730 rounds from 20-th order characteristics. In the second one, we obtain the distinguisher on Kreyvium with 899 rounds from 25-th order conditional differential characteristics. Moreover, we show the key recovery attack on Kreyvium with 736 rounds from 20-th order characteristics. We experimentally confirm all our attacks. The second distinguisher shows that we can obtain the distinguisher on Kreyvium with more rounds than the distinguisher on Trivium. Therefore, Kreyvium has a smaller security margin than Trivium for the conditional differential cryptanalysis.
ER -