News & Events
Submitted by klpatra on 6 July, 2018 - 15:27
Date/Time:
Thursday, July 12, 2018 - 16:00 to 17:00
Title:
Some results on Stream Ciphers
Abstract:- This talk is based on some results on the stream ciphers RC4, Salsa, ChaCha and Fruit. We provide
theoretical proofs of few famous biases observed in the RC4 algorithm. These biases have significant
contributions to recover plaintexts from the knowledge of ciphertexts. For Salsa and ChaCha, we
improve the existing attacks. Fruit, which is an ultra lightweight stream cipher proposed very
recently, does not have many known attacks against it till now. Here we cryptanalyse Fruit and
provide a time memory tradeoff attack.
RC4, which is one of the mostly used stream ciphers in last two decades, is now considered to be
weak because of multiple biases which have been reported. RC4 has gone through rigorous analysis
in last twenty years. In 1995, Andrew Roos observed a bias of output bytes of RC4. We generalise
that work. We also provide some theoretical justification for the bias of every output byte towards a
linear function of the first key byte, which was observed by Paterson et al. in Asiacrypt 2014. This
bias has been used in a broadcast attack in WEP. Also, another useful bias observed experimentally
is the bias of i-th output byte towards i. Here we justify this bias theoretically.
Salsa and ChaCha are two ciphers which are considered to be the replacement of old stream ciphers
like RC4. In FSE 2008, Aumasson et al. introduced an idea of probabilistically neutral bits to provide
differential attacks against these two ciphers. Using that idea, Salsa can be attacked up to 8-th round
and ChaCha up to 7-th round. Afterwards, those attacks have been improved further. Here, we
provide an algorithm to construct the set of probabilistically neutral bits in a better way to improve
the attack. Our construction of probabilistically neutral bit set is able to reduce the attack
complexity, both for Salsa and ChaCha. Fruit, compared to the previously discussed ciphers, is much
newer. Fruit is very interesting because of its ultra lightweight structure. Its design is inspired by the
principle used in Sprout, which involved the use of key bits in NFSR update function. Fruit has a state
of size 80, which is same as its key size. We provide a time memory tradeoff attack against Fruit. Our
attack finds the state with complexity around $2^{75}$ for first 80-bit version of Fruit and complexity $2^{76.66}$
second 80-bit version of Fruit.
Contact us
School of Mathematical Sciences
NISER, PO- Bhimpur-Padanpur, Via- Jatni, District- Khurda, Odisha, India, PIN- 752050
Tel: +91-674-249-4081
Corporate Site - This is a contributing Drupal Theme
Design by
WeebPal.