Abstract | ||
---|---|---|
The COSvd (2,128) cipher was proposed at the ECRYPT SASC'2004 workshop by Filiol et. al to strengthen the past COS (2,128) stream cipher. It uses clock-controlled non-linear feedback registers filtered by a highly non-linear output function and was claimed to prevent any existing attacks. However, as we will show in this paper, there are some serious security weaknesses in COSvd (2,128). The poorly designed S-box generates biased keystream and the message could be restored by a ciphertext-only attack in some broadcast applications . Besides, we launch a divide-and-conquer attack to recover the secret keys from O(226)-byte known plaintext with high success rate and complexity O(2113), which is much lower than 2512, the complexity of exhaustive search. |
Year | DOI | Venue |
---|---|---|
2005 | null | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
Keywords | Field | DocType |
non-linear feedback,existing attack,ciphertext-only attack,stream cipher,filiol et,non-linear output function,complexity o,divide-and-conquer attack,ecrypt sasc,broadcast application,divide and conquer,linear feedback shift register,exhaustive search | Transposition cipher,Weak key,Computer science,Computer security,Fluhrer, Mantin and Shamir attack,Theoretical computer science,Running key cipher,Stream cipher,Related-key attack,Stream cipher attack,Slide attack | Conference |
Volume | Issue | ISSN |
3935 LNCS | null | 16113349 |
ISBN | Citations | PageRank |
3-540-33354-1 | 1 | 0.35 |
References | Authors | |
7 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Bin Zhang | 1 | 32 | 9.03 |
Hongjun Wu | 2 | 75 | 9.56 |
Deng-Guo Feng | 3 | 1991 | 190.95 |
wang | 4 | 34 | 2.96 |