Neda Rohani, Zainab Noferesti, J. Mohajeri, M. Aref
{"title":"Guess and Determine Attack on Trivium Family","authors":"Neda Rohani, Zainab Noferesti, J. Mohajeri, M. Aref","doi":"10.1109/EUC.2010.123","DOIUrl":null,"url":null,"abstract":"Trivium is a hardware profile finalist of eSTREAM project. It is a synchronous bit-oriented stream cipher. The cipher’s internal state has 288 bits. Bivium is a simplified version of Trivium with a smaller internal state. Both algorithms provide the security level of 80 bits. In this paper we introduce a guess and determine attack on Trivium and Bivium. In our method, we first find the linear approximations for the updating functions. Then by using these approximations, we build a system of linear equations and internal state variables. In order to solve the system, some bits of the internal state should be guessed. Our attack on Trivium is not successful because of the large length of internal state therefore it is resistant to the method. It’s complexity is of order O(2^90.67). But for recovering the state of Bivium, we need to guess only 27.55 bits and other bits will be determined. In order to complete the attack 2^43.99 bits of key stream are needed. The complexity of the attack on Bivium is O(2^27.55), which is an improvement to the previous guess and determine attack with a complexity of order O(2^52.3).","PeriodicalId":265175,"journal":{"name":"2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2010-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EUC.2010.123","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9
Abstract
Trivium is a hardware profile finalist of eSTREAM project. It is a synchronous bit-oriented stream cipher. The cipher’s internal state has 288 bits. Bivium is a simplified version of Trivium with a smaller internal state. Both algorithms provide the security level of 80 bits. In this paper we introduce a guess and determine attack on Trivium and Bivium. In our method, we first find the linear approximations for the updating functions. Then by using these approximations, we build a system of linear equations and internal state variables. In order to solve the system, some bits of the internal state should be guessed. Our attack on Trivium is not successful because of the large length of internal state therefore it is resistant to the method. It’s complexity is of order O(2^90.67). But for recovering the state of Bivium, we need to guess only 27.55 bits and other bits will be determined. In order to complete the attack 2^43.99 bits of key stream are needed. The complexity of the attack on Bivium is O(2^27.55), which is an improvement to the previous guess and determine attack with a complexity of order O(2^52.3).