Achterbahn is one of the candidate stream ciphers submitted to the eSTREAM, which is the ECRYPT Stream Cipher Project. The cipher Achterbahn uses a new structure which is based on several nonlinear feedback shift regi...Achterbahn is one of the candidate stream ciphers submitted to the eSTREAM, which is the ECRYPT Stream Cipher Project. The cipher Achterbahn uses a new structure which is based on several nonlinear feedback shift registers (NLFSR) and a nonlinear combining output Boolean function. This paper proposes distinguishing attacks on Achterbahn-Version 1 and -Version 2 on the reduced mode and the full mode. These distinguishing attacks are based on linear approximations of the output functions. On the basis of these linear approximations and the periods of the registers, parity checks with noticeable biases are found. Then distinguishing attacks can be achieved through these biased parity checks. As to Achterbahn-Version 1, three cases that the output function has three possibilities are analyzed. Achterbahn-Version 2, the modification version of Achterbahn-Version 1, is designed to avert attacks based on approximations of the output Boolean function. Our attack with even much lower complexities on Achterbahn-Version 2 shows that Achterbahn-Version 2 cannot prevent attacks based on linear approximations.展开更多
Achterbahn-128 is a stream cipher proposed by Gammel et al. and submitted to the eSTREAM project. Though many attacks have been published, no recovery attack better than Naya-Plasencia' s results with 256 bit keystre...Achterbahn-128 is a stream cipher proposed by Gammel et al. and submitted to the eSTREAM project. Though many attacks have been published, no recovery attack better than Naya-Plasencia' s results with 256 bit keystream limitation. Similar approach is shown and found a specific parity check and decimation. Then an improved distinguisher is constructed for Achterbahn-128 to recover the key with only O (255) keystream bit and O (2102) time complexity. Furthermore, this result is much more effective than the former.展开更多
基金This work was supported by tile National Natural Science Foundation of China under Grant No.60673068the National Grand Fundamental Research 973 Program of China under Grant No.2004CB318004.
文摘Achterbahn is one of the candidate stream ciphers submitted to the eSTREAM, which is the ECRYPT Stream Cipher Project. The cipher Achterbahn uses a new structure which is based on several nonlinear feedback shift registers (NLFSR) and a nonlinear combining output Boolean function. This paper proposes distinguishing attacks on Achterbahn-Version 1 and -Version 2 on the reduced mode and the full mode. These distinguishing attacks are based on linear approximations of the output functions. On the basis of these linear approximations and the periods of the registers, parity checks with noticeable biases are found. Then distinguishing attacks can be achieved through these biased parity checks. As to Achterbahn-Version 1, three cases that the output function has three possibilities are analyzed. Achterbahn-Version 2, the modification version of Achterbahn-Version 1, is designed to avert attacks based on approximations of the output Boolean function. Our attack with even much lower complexities on Achterbahn-Version 2 shows that Achterbahn-Version 2 cannot prevent attacks based on linear approximations.
基金supported by the National Natural Science Foundation of China(11471255,11501438)Scientific Research Foundation of the Education of Department of Shaanxi Province of China(15JK1411)+1 种基金Natural Science and Technology Project of Shaanxi Province of China(2014JQ1027,2015JQ1014,2017JQ6059)Foundation of Xi’an University of Architecture and Technology(RC1338,RC1438,JC1416)
文摘Achterbahn-128 is a stream cipher proposed by Gammel et al. and submitted to the eSTREAM project. Though many attacks have been published, no recovery attack better than Naya-Plasencia' s results with 256 bit keystream limitation. Similar approach is shown and found a specific parity check and decimation. Then an improved distinguisher is constructed for Achterbahn-128 to recover the key with only O (255) keystream bit and O (2102) time complexity. Furthermore, this result is much more effective than the former.
