Weaknesses of COSvd (2,128) Stream Cipher

Weaknesses of COSvd (2,128) Stream Cipher

The COSvd (2,128) cipher was proposed at the ECRYPT SASC’2004 workshop by Filiol et. al to strengthen the past COS (2,128) stream cipher. It uses clock-controlled non-linear feedback registers filtered by a highly non-linear output function and was claimed to prevent any existing attacks. However, a...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Zhang, Bin, Wu, Hongjun, Feng, Dengguo, Wang, Hong
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Applied sciences
Computer science
control theory
systems
Computer systems and distributed systems. User interface
COS cipher
Cryptography
Divide-and-Conquer
Exact sciences and technology
Information, signal and communications theory
Memory and file management (including protection and security)
Memory organisation. Data processing
Non- linear feedback shift register
Signal and communications theory
Software
Stream cipher
Telecommunications and information theory
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The COSvd (2,128) cipher was proposed at the ECRYPT SASC’2004 workshop by Filiol et. al to strengthen the past COS (2,128) stream cipher. It uses clock-controlled non-linear feedback registers filtered by a highly non-linear output function and was claimed to prevent any existing attacks. However, as we will show in this paper, there are some serious security weaknesses in COSvd (2,128). The poorly designed S-box generates biased keystream and the message could be restored by a ciphertext-only attack in some broadcast applications . Besides, we launch a divide-and-conquer attack to recover the secret keys from O(226)-byte known plaintext with high success rate and complexity O(2113), which is much lower than 2512, the complexity of exhaustive search.
ISSN:0302-9743
1611-3349
DOI:10.1007/11734727_23