Thursday, May 15, 2008

Linear Approximations for Trivium with 288 clockings

At SASC 2007, we presented a linear approximation for reduced-round Trivium. Here is the abstract of the paper:

Existence of linear approximations based on key, IV and output bits with non-negligible biases is a serious threat for the security of synchronous stream ciphers. In this study, we focus on the cipher Trivium, which is one of the strong candidates of the ECRYPT project. No weaknesses of full Trivium have been reported so far. We defined a reduced version of the cipher in terms of number of initial clockings and found a linear approximation with bias $2^{-43}$. Using this approximation alone is not enough to break the cipher, however, it can be combined with similar approximations to attack the cipher. Also, we propose a change in the key and IV loading method, by which it gets harder to find linear approximations.

You can reach the full paper using the link. Better approximations were obtained by Vielhaber (pdf).
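To make the idea of "a linear approximation over key, IV and output bits, for a version of Trivium reduced in the number of initial clockings" concrete, here is an added example (it is not code from the paper or from the Trivium designers). It implements Trivium from the specification with a configurable number of initialization clockings and an empirical estimator for the bias Pr[relation = 0] - 1/2 of any chosen linear relation. The relation used in the demonstration, K_66 + IV_69 + z_1, is my own choice: with zero initial clockings it follows directly from the state loading (s_93, s_177 and s_243 are loaded with 0 and s_288 with 1), so it holds with probability 1; with the full 1152 clockings its bias vanishes within sampling noise. The approximation from the paper itself is not reproduced here, and the 288-clocking value printed is just an empirical estimate.

```python
# Added example: Trivium with a configurable number of initialization clockings
# and an empirical bias estimator for a linear relation over key, IV and
# keystream bits. Bit indices are 1-based to match the Trivium specification
# (K_1..K_80, IV_1..IV_80, z_1, z_2, ...). The tap set used in the demo is a
# constructed illustration, not the approximation from the paper.
import random


def trivium_clock(s):
    """One Trivium clock on state list s (s[i-1] holds s_i). Returns (s', z)."""
    t1 = s[65] ^ s[92]            # s66 + s93
    t2 = s[161] ^ s[176]          # s162 + s177
    t3 = s[242] ^ s[287]          # s243 + s288
    z = t1 ^ t2 ^ t3
    t1 ^= (s[90] & s[91]) ^ s[170]    # + s91*s92 + s171
    t2 ^= (s[174] & s[175]) ^ s[263]  # + s175*s176 + s264
    t3 ^= (s[285] & s[286]) ^ s[68]   # + s286*s287 + s69
    # (s1..s93) <- (t3, s1..s92); (s94..s177) <- (t1, s94..s176);
    # (s178..s288) <- (t2, s178..s287)
    s = [t3] + s[0:92] + [t1] + s[93:176] + [t2] + s[177:287]
    return s, z


def trivium_keystream(key, iv, n_bits, init_clocks=1152):
    """key, iv: lists of 80 bits (key[0] is K_1). init_clocks=1152 is full Trivium;
    smaller values give the reduced version studied in the paper."""
    assert len(key) == 80 and len(iv) == 80
    # Loading: (s1..s93) <- (K, 0^13), (s94..s177) <- (IV, 0^4),
    # (s178..s288) <- (0^108, 1, 1, 1)
    s = list(key) + [0] * 13 + list(iv) + [0] * 4 + [0] * 108 + [1, 1, 1]
    assert len(s) == 288
    for _ in range(init_clocks):
        s, _ = trivium_clock(s)       # initialization: output discarded
    out = []
    for _ in range(n_bits):
        s, z = trivium_clock(s)
        out.append(z)
    return out


def linear_relation(key, iv, keystream, key_taps, iv_taps, z_taps):
    """XOR of the selected key bits K_i, IV bits IV_j and keystream bits z_t."""
    v = 0
    for i in key_taps:
        v ^= key[i - 1]
    for j in iv_taps:
        v ^= iv[j - 1]
    for t in z_taps:
        v ^= keystream[t - 1]
    return v


def estimate_bias(key_taps, iv_taps, z_taps, init_clocks, samples, seed=0):
    """Empirical bias Pr[relation = 0] - 1/2 over random (key, IV) pairs.
    A bias of +-1/2 means the relation is deterministic; ~0 means no linear
    correlation is visible at this sample size."""
    rng = random.Random(seed)
    n_bits = max(z_taps)
    zeros = 0
    for _ in range(samples):
        key = [rng.getrandbits(1) for _ in range(80)]
        iv = [rng.getrandbits(1) for _ in range(80)]
        ks = trivium_keystream(key, iv, n_bits, init_clocks)
        if linear_relation(key, iv, ks, key_taps, iv_taps, z_taps) == 0:
            zeros += 1
    return zeros / samples - 0.5


if __name__ == "__main__":
    # Constructed relation: K_66 + IV_69 + z_1. With 0 initial clockings
    # z_1 = K_66 + IV_69 + 1 exactly, so the bias is -1/2.
    for clocks in (0, 288, 1152):
        b = estimate_bias([66], [69], [1], init_clocks=clocks, samples=400)
        print(f"init clockings={clocks:5d}  empirical bias={b:+.3f}")
```

Detecting a bias as small as 2^{-43} obviously needs on the order of 2^{86} samples, far beyond this estimator; the point of the block is only to show how the relation is defined, how the reduced cipher is parameterized, and how an exact relation at 0 clockings dissolves as the number of initial clockings grows.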

Bibtex:
@inproceedings{STuran_Kara07,
author = {M. S\"{o}nmez Turan and O. Kara},
title = {Linear Approximations for 2-round Trivium},
booktitle = {Proc. First International Conference on Security of Information and Networks (SIN 2007)},
year = {2007},
isbn = {978-1-4251-4109-7},
pages = {96--105},
location = {Gazimagusa, TRNC},
publisher = {Trafford Publishing},
}
