Internal state recovery of Espresso stream cipher using conditional sampling resistance and TMDTO attack
Bosch India (RBEI/ESY), Bangalore, India
Espresso is a stream cipher proposed for 5G wireless communication systems. Because its design is based on the Galois configuration of an NLFSR, the cipher has a short propagation delay and is the fastest among ciphers below 1500 GE, including Grain-128 and Trivium. That same Galois configuration makes it difficult both to mount a time-memory-data tradeoff (TMDTO) attack on the cipher and to determine its conditional BSW sampling resistance. This paper shows how to compute the conditional BSW sampling resistance of Espresso despite its Galois configuration, and then uses the computed sampling resistance to mount a TMDTO attack on the cipher. The resulting attack complexities are shown to be lower than those claimed by the designers of the cipher.
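The abstract describes the two ingredients of the attack, a TMDTO table lookup and BSW sampling, only in outline. The following is an added example, not code from the paper or from the Espresso designers, that runs both on a constructed toy: a 20-bit Galois NLFSR whose taps, output function and state size are assumptions chosen so that the state update is invertible (its linear skeleton is the primitive trinomial x^20 + x^3 + 1). The attack uses the simplest Babbage-Golić form of the tradeoff (a table of M random states indexed by their keystream prefix, searched with D keystream windows) rather than Hellman or Biryukov-Shamir chains, and the "special" states of BSW sampling (states whose first l output bits are zero) are found by rejection sampling; for the real cipher, computing the conditional sampling resistance is precisely what replaces that rejection step with direct enumeration.

```python
"""Toy Babbage-Golic TMDTO with BSW-style sampling on a constructed Galois NLFSR.

Constructed example: the cipher below is NOT Espresso; taps, output function
and the 20-bit state size are assumptions made for a runnable demonstration.
"""
import random

N_BITS = 20                      # toy state size (assumption; Espresso's is much larger)
N_STATES = 1 << N_BITS
PREFIX_BITS = 24                 # keystream bits used to identify a state (a few more than N_BITS)
PREFIX_MASK = (1 << PREFIX_BITS) - 1


def step(s):
    """One clock of the toy Galois NLFSR: returns (next_state, output_bit).

    Galois configuration: stage i receives stage i+1 XOR its own feedback f_i,
    so several stages are updated in parallel (the short propagation delay the
    abstract credits to Espresso).  Taps were chosen so that every bit of s can
    be recovered from the next state, i.e. the update is a permutation."""
    bit = lambda i: (s >> i) & 1
    b0 = bit(0)
    nxt = s >> 1                                          # stage i <- stage i+1
    nxt |= (b0 ^ bit(3) ^ (bit(5) & bit(11))) << (N_BITS - 1)   # f_19: top stage
    nxt ^= (bit(12) & bit(14)) << 9                       # f_9 : inner nonlinear feedback
    nxt ^= (bit(8) & bit(15)) << 4                        # f_4 : inner nonlinear feedback
    z = b0 ^ (bit(2) & bit(6))                            # output bit of the current state
    return nxt, z


def keystream(s, nbits):
    """nbits of keystream generated from state s, packed MSB-first into an int."""
    out = 0
    for _ in range(nbits):
        s, z = step(s)
        out = (out << 1) | z
    return out


def is_special(bits, nbits, l):
    """BSW sampling predicate: the first l of nbits keystream bits are all zero."""
    return l == 0 or (bits >> (nbits - l)) == 0


def build_table(rng, m, l=0):
    """Offline phase: m random states stored as keystream-prefix -> state.

    With l > 0 only special states are kept.  They are found here by rejection
    sampling (about 2^l trials per entry); the paper's sampling-resistance
    computation lets an attacker enumerate them directly for the real cipher.
    Returns (table, number_of_states_tried)."""
    table, tried = {}, 0
    while len(table) < m:
        s = rng.randrange(N_STATES)
        tried += 1
        if not is_special(keystream(s, l), l, l):
            continue
        table[keystream(s, PREFIX_BITS)] = s
    return table, tried


def attack(table, ks, nbits, l=0):
    """Online phase: slide a PREFIX_BITS window over nbits of observed keystream
    and look it up; with l > 0 only special windows are looked up (a 2^l saving).
    Returns (candidate (offset, state) pairs, number of lookups)."""
    candidates, lookups = [], 0
    for i in range(nbits - PREFIX_BITS + 1):
        window = (ks >> (nbits - PREFIX_BITS - i)) & PREFIX_MASK
        if not is_special(window, PREFIX_BITS, l):
            continue
        lookups += 1
        if window in table:
            candidates.append((i, table[window]))
    return candidates, lookups


def run_demo(seed=1, m=1 << 12, d=1 << 12, l=0):
    """Full TMDTO run against a secret toy instance: M = m table entries,
    D = d keystream windows (M*D = 16*N here).  Every candidate is verified
    against the remaining keystream, which removes prefix false positives."""
    rng = random.Random(seed)
    secret = rng.randrange(1, N_STATES)           # skip the all-zero fixed point
    total = d + PREFIX_BITS
    observed = keystream(secret, total)
    table, tried = build_table(rng, m, l)
    candidates, lookups = attack(table, observed, total, l)
    for off, state in candidates:
        tail = total - off
        if keystream(state, tail) == (observed & ((1 << tail) - 1)):
            return {"recovered": True, "offset": off, "state": state,
                    "lookups": lookups, "states_tried": tried}
    return {"recovered": False, "lookups": lookups, "states_tried": tried}


if __name__ == "__main__":
    print("no sampling :", run_demo(l=0))
    print("l=3 sampling:", run_demo(l=3))
```

Running both variants shows the tradeoff the paper exploits: with sampling the online phase makes roughly 2^l fewer table lookups for the same table size and the same amount of keystream, at the price of a more expensive offline phase when special states must be found by trial (the cost that direct enumeration via the sampling resistance removes). The recovered state is the internal state at the matching offset, and clocking it forward reproduces the rest of the keystream.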
Table (columns 0 to 4): feedback bit calculation due to equations (5) to (9); for each row 0 to 34, the feedback bits and the state bits appearing on the right-hand side of each equation (cell contents missing from the page).
Table (columns 5 to 9): feedback bit calculation due to equations (10) to (14); for each row 0 to 34, the feedback bits and the state bits appearing on the right-hand side of each equation (cell contents missing from the page).
Table (columns 10 to 13): feedback bit calculation due to equations (15) to (18); for each row 0 to 34, the feedback bits and the state bits appearing on the right-hand side of each equation (cell contents missing from the page).
Table: equations used for state recovery at each step/row 0 to 34 (cell contents missing from the page).