Cryptanalysis of Rabbit

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5222)

Abstract

The stream cipher Rabbit is a candidate in the third evaluation phase of the ECRYPT Stream Cipher Project (eSTREAM). It has a 128-bit key, a 64-bit IV and a 513-bit internal state. Currently, only one paper [1] has studied it, besides a series of white papers by the authors of Rabbit. In [1], the bias of the keystream sub-blocks was studied, and a distinguishing attack with estimated complexity $2^{247}$ was proposed based on the largest bias computed.

In this paper, we first compute the exact bias of the keystream sub-blocks by Fast Fourier Transform (FFT). Our result leads to the best distinguishing attack so far, with complexity $2^{158}$, in comparison to $2^{247}$ in [1]. Our result also indicates that the approximation assumption used in [1] is critical for estimating the bias and cannot be ignored. Secondly, our distinguishing attack is extended to a multi-frame key-recovery attack, assuming that the relation between part of the internal states of all frames is known. Our attack uses $2^{51.5}$ frames and the first three keystream blocks of each frame. It takes memory $O(2^{32})$, precomputation $O(2^{32})$ and time $O(2^{97.5})$ to recover the keys for all frames. This is the first known key-recovery attack on Rabbit, though the attack assumption is unusually strong. Lastly, as an independent result, we introduce the property of Almost-Right-Distributivity of the bit-wise rotation over the modular addition for our algebraic analysis. This allows us to solve the nonlinear yet symmetric equation system more efficiently for our problem.
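
An added illustration of the last point, not code from the paper: the paper's definition of Almost-Right-Distributivity is not reproduced on this page, so the example assumes it refers to the standard carry identity $(x + y) \lll r = (x \lll r) + (y \lll r) + c_1 - c_2 2^r \pmod{2^n}$, where $c_1$ and $c_2$ are single carry bits. All function names are hypothetical and the inputs are constructed.

```python
import random
from collections import Counter

def rotl(x, r, n):
    """Rotate the n-bit word x left by r bits (0 < r < n)."""
    return ((x << r) | (x >> (n - r))) & ((1 << n) - 1)

def correction(x, y, r, n):
    """((x + y) <<< r) - ((x <<< r) + (y <<< r)), reduced mod 2^n."""
    mask = (1 << n) - 1
    lhs = rotl((x + y) & mask, r, n)
    rhs = (rotl(x, r, n) + rotl(y, r, n)) & mask
    return (lhs - rhs) & mask

def predicted(x, y, r, n):
    """The same value from two carry bits only: c1 - c2 * 2^r mod 2^n."""
    low = (1 << (n - r)) - 1
    c1 = ((x & low) + (y & low)) >> (n - r)  # carry out of the low n-r bits
    c2 = (x + y) >> n                        # carry out of the full n-bit add
    return (c1 - (c2 << r)) & ((1 << n) - 1)

def allowed(r, n):
    """The only four corrections that can occur for rotation amount r."""
    mask = (1 << n) - 1
    return {0, 1, -(1 << r) & mask, (1 - (1 << r)) & mask}

def exhaustive(n):
    """Try every x, y and r for a small word size; map r -> corrections seen."""
    seen = {}
    for r in range(1, n):
        seen[r] = set()
        for x in range(1 << n):
            for y in range(1 << n):
                d = correction(x, y, r, n)
                assert d == predicted(x, y, r, n)
                seen[r].add(d)
    return seen

def sampled(r, n=32, trials=20000, seed=1):
    """Histogram of corrections for random n-bit words (constructed inputs)."""
    rng = random.Random(seed)
    return Counter(correction(rng.getrandbits(n), rng.getrandbits(n), r, n)
                   for _ in range(trials))

if __name__ == "__main__":
    print(all(v == allowed(r, 6) for r, v in exhaustive(6).items()))
    for r in (8, 16):  # rotation amounts used in Rabbit's next-state function
        print(r, {hex(k): c for k, c in sampled(r).items()})
```

Rotation distributes exactly over addition only when both carries are zero, which happens for roughly a quarter of uniformly random word pairs; in every other case the error is one of three fixed constants.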

References

  1. Aumasson, J.-P.: On a bias of Rabbit (January 2007), http://eprint.iacr.org/2007/033

  2. Baignères, T., Junod, P., Vaudenay, S.: How far can we go beyond linear cryptanalysis? In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 432–450. Springer, Heidelberg (2004)

  3. Biham, E., Dunkelman, O.: Differential cryptanalysis in stream ciphers (2007), http://eprint.iacr.org/2007/218

  4. Boesgaard, M., Vesterager, M., Pedersen, T., Christiansen, J., Scavenius, O.: Rabbit: A new high-performance stream cipher. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 307–329. Springer, Heidelberg (2003)

  5. Boesgaard, M., Vesterager, M., Christensen, T., Zenner, E.: The stream cipher Rabbit, the ECRYPT stream cipher project - eSTREAM Report 2005/024 (2005), http://www.ecrypt.eu.org/stream/

  6. Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to algorithms. MIT Press, Cambridge (2001)

  7. Cryptico A/S, Algebraic analysis of rabbit, White paper (2003)

  8. Cryptico A/S, Analysis of the key setup function in rabbit, White paper (2003)

  9. Cryptico A/S, Hamming weights of the g-function, White paper (2003)

  10. Cryptico A/S, Periodic properties of rabbit, White paper (2003)

  11. Cryptico A/S, Second degree approximations of the g-function, White paper (2003)

  12. Cryptico A/S, Security analysis of the IV-setup for rabbit, White paper (2003)

  13. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)

  14. Maximov, A., Johansson, T.: Fast computation of large distributions and its cryptographic applications. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 313–332. Springer, Heidelberg (2005)

Editor information

Tzong-Chen Wu, Chin-Laung Lei, Vincent Rijmen, Der-Tsai Lee

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lu, Y., Wang, H., Ling, S. (2008). Cryptanalysis of Rabbit. In: Wu, TC., Lei, CL., Rijmen, V., Lee, DT. (eds) Information Security. ISC 2008. Lecture Notes in Computer Science, vol 5222. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85886-7_14

  • DOI: https://doi.org/10.1007/978-3-540-85886-7_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85884-3

  • Online ISBN: 978-3-540-85886-7

  • eBook Packages: Computer Science (R0)
