首页|Generic attacks on small-state stream cipher constructions in the multi-user setting
Generic attacks on small-state stream cipher constructions in the multi-user setting
扫码查看
点击上方二维码区域,可以放大扫码查看
原文链接
NETL
NSTL
万方数据
Small-state stream ciphers(SSCs),which violate the principle that the state size should exceed the key size by a factor of two,still demonstrate robust security properties while maintaining a lightweight design.These ciphers can be clas-sified into several constructions and their basic security requirement is to resist generic attacks,i.e.,the time-mem-ory-data tradeoff(TMDTO)attack.In this paper,we investigate the security of small-state constructions in the multi-user setting.Based on it,the TMDTO distinguishing attack and the TMDTO key recovery attack are developed for such a setting.It is shown that SSCs which continuously use the key can not resist the TMDTO distinguishing attack.Moreover,SSCs based on the continuous-Ⅳ-key-use construction cannot withstand the TMDTO key recovery attack when the key length is shorter than the Ⅳ length,no matter whether the keystream length is limited or not.Finally,we apply these two generic attacks to TinyJAMBU and DRACO in the multi-user setting.The TMDTO distinguish-ing attack on TinyJAMBU with a 128-bit key can be mounted with time,memory,and data complexities of 264,248,and 232,respectively.This attack is comparable with a recent work on ToSC 2022,where partial key bits of TinyJAMBU are recovered with more than 250 users(or keys).As DRACO's Ⅳ length is smaller than its key length,it is vulnerable to the TMDTO key recovery attack.The resulting attack has a time and memory complexity of both 2112,which means DRACO does not provide 128-bit security in the multi-user setting.
NETL
NSTL
万方数据
