High order differential attacks on stream ciphers

Published in: Cryptography and Communications

Abstract

Differential cryptanalysis is probably the most popular tool for chosen plaintext attacks on block ciphers. It also applies to chosen IV attacks on stream ciphers, but here, high order differential attacks have been surprisingly successful, namely on NLFSR-based constructions. Most approaches have been developed in terms of the algebraic normal form of Boolean functions. Prominent examples are the d-monomial test, cube attacks, and cube testers. We review the various techniques and translate them into the terminology of high order derivatives introduced by Lai. The unified view points out similarities between seemingly different approaches and naturally suggests generalizations and refinements such as conditional differential cryptanalysis.
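The abstract's central observation is that the cube sum of Dinur and Shamir and the d-monomial test are both instances of Lai's higher order derivative: taking the derivative of a Boolean function in the directions of k unit vectors is the same as XORing the function over the 2^k assignments of those k variables. The following added example (not code from the paper or its authors) makes that concrete on a constructed toy keystream function in algebraic normal form. The function `TOY_ANF`, its variable split into IV bits and key bits, and all function names are assumptions made for this illustration; the degree test, the black-box interpolation of an affine superpoly, and the Blum-Luby-Rubinfeld style affineness check are the generic techniques the abstract refers to, applied to the toy function.

```python
from itertools import product

# Toy keystream-bit function in algebraic normal form (constructed for this
# example; it is not a real cipher). Variables 0..3 are public IV bits v0..v3,
# variables 4 and 5 are secret key bits k0 and k1. A monomial is a frozenset of
# variable indices; the function is the XOR of its monomials.
N_VARS = 6
IV_VARS = (0, 1, 2, 3)
KEY_VARS = (4, 5)
TOY_ANF = {
    frozenset({0, 1, 4}),   # v0*v1*k0
    frozenset({0, 1, 2}),   # v0*v1*v2
    frozenset({1, 5}),      # v1*k1
    frozenset({1, 4, 5}),   # v1*k0*k1
    frozenset({0}),         # v0
    frozenset({4, 5}),      # k0*k1
}


def eval_anf(anf, x):
    """Evaluate an ANF at the 0/1 vector x (the empty monomial is the constant 1)."""
    return sum(all(x[i] for i in m) for m in anf) & 1


def toy_f(x):
    """Black-box access to the toy function, as a chosen-IV attacker would have."""
    return eval_anf(TOY_ANF, x)


def derivative(f, cube, x):
    """Lai's k-th order derivative of f at x in the directions e_i, i in cube:
    the XOR of f(x + sum_{i in S} e_i) over all subsets S of the cube.
    For unit-vector directions this is exactly the cube sum of Dinur and Shamir,
    and the result does not depend on the cube coordinates of x."""
    acc = 0
    for bits in product((0, 1), repeat=len(cube)):
        y = list(x)
        for i, b in zip(cube, bits):
            y[i] ^= b
        acc ^= f(y)
    return acc


def symbolic_derivative(anf, cube):
    """The same derivative computed on the ANF: keep the monomials divisible by
    the cube monomial and strip the cube variables from them (the superpoly)."""
    cube = frozenset(cube)
    return {m - cube for m in anf if cube <= m}


def degree(anf):
    """Algebraic degree; any derivative of order > degree is identically zero,
    which is what a degree-based distinguisher (d-monomial test) looks for."""
    return max((len(m) for m in anf), default=0)


def interpolate_affine_superpoly(f, cube, key_vars, base):
    """Recover an affine superpoly c + sum a_i*k_i from black-box queries only:
    c = D(base), a_i = D(base + e_i) + c. Valid only if the superpoly is affine."""
    c = derivative(f, cube, base)
    coeffs = {}
    for i in key_vars:
        y = list(base)
        y[i] ^= 1
        coeffs[i] = derivative(f, cube, y) ^ c
    return c, coeffs


def is_affine_in_key(f, cube, key_vars, base):
    """BLR-style test of the superpoly as a function of the key bits: an affine
    p satisfies p(a) + p(b) + p(a + b) + p(0) = 0 for all a, b. The toy key
    space is tiny, so every pair is checked instead of random sampling."""
    def d_at(kbits):
        y = list(base)
        for i, b in zip(key_vars, kbits):
            y[i] = b
        return derivative(f, cube, y)

    zero = d_at((0,) * len(key_vars))
    for a in product((0, 1), repeat=len(key_vars)):
        for b in product((0, 1), repeat=len(key_vars)):
            ab = tuple(p ^ q for p, q in zip(a, b))
            if d_at(a) ^ d_at(b) ^ d_at(ab) ^ zero:
                return False
    return True


if __name__ == "__main__":
    base = [0] * N_VARS
    print("superpoly of cube {v0,v1}:", symbolic_derivative(TOY_ANF, (0, 1)))
    print("degree:", degree(TOY_ANF),
          "order-4 derivative:", symbolic_derivative(TOY_ANF, (0, 1, 2, 4)))
    print("affine in key for cube {v0,v1}:", is_affine_in_key(toy_f, (0, 1), KEY_VARS, base))
    print("interpolated superpoly:", interpolate_affine_superpoly(toy_f, (0, 1), KEY_VARS, base))
    print("affine in key for cube {v1} with v0=1:",
          is_affine_in_key(toy_f, (1,), KEY_VARS, [1, 0, 0, 0, 0, 0]))
```

For the cube {v0, v1} the symbolic derivative is k0 + v2, so with v2 fixed the superpoly is affine in the key and two black-box cube sums recover it; for the cube {v1} alone the superpoly contains k0*k1 and the affineness check rejects it, which is the situation in which the paper's conditional differential refinement (fixing IV bits so that nonlinear terms vanish) becomes relevant.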


Notes

  1. This does not hold for the dynamic cube attack [7] which is quite different from the original cube attack considered here.

References

  1. Aumasson, J.P., Dinur, I., Meier, W., Shamir, A.: Cube testers and key recovery attacks on reduced-round MD6 and Trivium. In: Dunkelman, O. (ed.) FSE. LNCS, vol. 5665, pp. 1–22. Springer (2009)

  2. Ben-Aroya, I., Biham, E.: Differential cryptanalysis of Lucifer. In: Stinson, D.R. (ed.) CRYPTO. LNCS, vol. 773, pp. 187–199. Springer (1993)

  3. Blum, M., Luby, M., Rubinfeld, R.: Self-testing/correcting with applications to numerical problems. In: Ortiz, H. (ed.) STOC, pp. 73–83. ACM (1990)

  4. De Cannière, C., Küçük, Ö., Preneel, B.: Analysis of Grain's initialization algorithm. In: Vaudenay, S. (ed.) Progress in Cryptology - AFRICACRYPT 2008, First International Conference on Cryptology in Africa, Casablanca, Morocco, 11–14 June 2008. Proceedings. LNCS, vol. 5023, pp. 276–289. Springer (2008)

  5. De Cannière, C.: Trivium: a stream cipher construction inspired by block cipher design principles. In: Katsikas, S.K., Lopez, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC. LNCS, vol. 4176, pp. 171–186. Springer (2006)

  6. Dinur, I., Shamir, A.: Cube attacks on tweakable black box polynomials. In: Joux, A. (ed.) EUROCRYPT. LNCS, vol. 5479, pp. 278–299. Springer (2009)

  7. Dinur, I., Shamir, A.: Breaking Grain-128 with dynamic cube attacks. In: Joux, A. (ed.) FSE. LNCS, vol. 6733, pp. 167–187. Springer (2011)

  8. Englund, H., Johansson, T., Turan, M.S.: A framework for chosen IV statistical analysis of stream ciphers. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT. LNCS, vol. 4859, pp. 268–281. Springer (2007)

  9. Filiol, E.: A new statistical testing for symmetric ciphers and hash functions. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS. LNCS, vol. 2513, pp. 342–353. Springer (2002)

  10. Fischer, S., Khazaei, S., Meier, W.: Chosen IV statistical analysis for key recovery attacks on stream ciphers. In: Vaudenay, S. (ed.) Progress in Cryptology - AFRICACRYPT 2008, First International Conference on Cryptology in Africa, Casablanca, Morocco, 11–14 June 2008. Proceedings. LNCS, vol. 5023, pp. 236–245. Springer (2008)

  11. Hell, M., Johansson, T., Maximov, A., Meier, W.: A stream cipher proposal: Grain-128. In: ISIT, pp. 1614–1618 (2006)

  12. Hell, M., Johansson, T., Meier, W.: Grain: a stream cipher for constrained environments. Int. J. Wireless and Mobile Computing 2(1), 86–93 (2007)

  13. Knellwolf, S., Meier, W., Naya-Plasencia, M.: Conditional differential cryptanalysis of NLFSR-based cryptosystems. In: Abe, M. (ed.) ASIACRYPT. LNCS, vol. 6477, pp. 130–145. Springer (2010)

  14. Knellwolf, S., Meier, W., Naya-Plasencia, M.: Conditional differential cryptanalysis of Trivium and KATAN. In: Miri, A., Vaudenay, S. (eds.) Selected Areas in Cryptography (2011)

  15. Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE. LNCS, vol. 1008, pp. 196–211. Springer (1994)

  16. Lai, X.: Higher order derivatives and differential cryptanalysis. In: Blahut, R.E., Costello, D.J., Maurer, U., Mittelholzer, T. (eds.) Communications and Cryptography: Two Sides of One Tapestry, pp. 227–233. Kluwer Academic Publishers (1994)

  17. Saarinen, M.J.O.: Chosen-IV statistical attacks on eSTREAM ciphers. In: Malek, M., Fernández-Medina, E., Hernando, J. (eds.) SECRYPT, pp. 260–266. INSTICC Press (2006)

  18. Stankovski, P.: Greedy distinguishers and nonrandomness detectors. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT. LNCS, vol. 6498, pp. 210–226. Springer (2010)

  19. Vielhaber, M.: Breaking ONE.FIVIUM by AIDA, an Algebraic IV Differential Attack. IACR Cryptology ePrint Archive 2007, 413 (2007)

  20. Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT. LNCS, vol. 3494, pp. 19–35. Springer (2005)

  21. Wu, H., Preneel, B.: Resynchronization attacks on WG and LEX. In: Robshaw, M.J.B. (ed.) FSE. LNCS, vol. 4047, pp. 422–432. Springer (2006)

Acknowledgements

This work was supported by the Hasler Foundation www.haslerfoundation.ch under project number 08065.

Corresponding author

Correspondence to Willi Meier.

Cite this article

Knellwolf, S., Meier, W. High order differential attacks on stream ciphers. Cryptogr. Commun. 4, 203–215 (2012). https://doi.org/10.1007/s12095-012-0071-9
