On the frame length of Achterbahn-128/80

Bibliographic details
Main authors: Gottfert, R., Gammel, B.M.
Format: Conference proceedings
Language: eng
Description
Summary: In this paper we examine a correlation attack against combination generators introduced by Meier et al. in 2006 and extended to a more powerful tool by Naya-Plasencia. The method has been used in the cryptanalysis of the stream ciphers Achterbahn and Achterbahn-128/80. No mathematical proofs for the method were given. We show that rigorous proofs can be given in an appropriate model, and that the implications derived from that model are in accordance with experimental results obtained from a true combination generator. We generalize the new correlation attack and, using that generalization, show that the internal state of Achterbahn-128 can be recovered with complexity $2^{119}$ using $2^{48.54}$ consecutive keystream bits. In order to investigate a lower bound for the frame length of Achterbahn-128 we consider another application of the generalized correlation attack. This attack has complexity $2^{136}$ (higher than brute force) and requires $2^{44.99}$ keystream bits. Similar results hold for Achterbahn-128. Due to these findings our new recommendation for the frame length of Achterbahn-128 and Achterbahn-80 is $2^{44}$ bits.
DOI:10.1109/ITWITWN.2007.4318039