Abstract
Dragon is a word-oriented stream cipher submitted to the ECRYPT project; it operates on key sizes of 128 and 256 bits. The original idea of the design is to use a nonlinear feedback shift register (NLFSR) and a linear part (counter), combined by a filter function to generate a new state of the NLFSR and produce the keystream. The internal state of the cipher is 1088 bits, so TMD (time-memory-data trade-off) attacks of any kind are not applicable. In this paper we present two statistical distinguishers that distinguish Dragon from a random source, both requiring around $O(2^{155})$ words of the keystream. In the first scenario the time complexity is around $O(2^{155+32})$ with memory complexity $O(2^{32})$, whereas the second scenario needs only $O(2^{155})$ of time, but $O(2^{96})$ of memory. The attack is based on a statistical weakness introduced into the keystream by the filter function F. This is the first paper presenting an attack on Dragon, and it shows that the cipher does not provide full security when a 256-bit key is used.
The work described in this paper has been supported in part by Grant VR 621-2001-2149, and in part by the European Commission through the IST Program under Contract IST-2002-507932 ECRYPT.
The information in this document reflects only the author’s views, is provided as is and no guarantee or warranty is given that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Englund, H., Maximov, A. (2005). Attack the Dragon. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds) Progress in Cryptology - INDOCRYPT 2005. INDOCRYPT 2005. Lecture Notes in Computer Science, vol 3797. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596219_11
DOI: https://doi.org/10.1007/11596219_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30805-8
Online ISBN: 978-3-540-32278-8
eBook Packages: Computer Science, Computer Science (R0)