2007 | OriginalPaper | Book chapter
Two Trivial Attacks on Trivium
Written by: Alexander Maximov, Alex Biryukov
Published in: Selected Areas in Cryptography
Publisher: Springer Berlin Heidelberg
Trivium is a stream cipher designed in 2005 by C. De Cannière and B. Preneel for the European project eSTREAM. It has an internal state of 288 bits and a key length of 80 bits. Although the design has a simple and elegant structure, no attack on it has been found yet.
In this paper a family of Trivium-like designs is studied. We propose a set of techniques for methodological cryptanalysis of these structures in general, including state recovering and linear distinguishing attacks. In particular, we study the original Trivium and present a state recovering attack with time complexity around $c \cdot 2^{83.5}$, which is $2^{30}$ faster than the best previous result. Our attack clearly shows that Trivium has a very thin safety margin and that in its current form it cannot be used with longer 128-bit keys.
Finally, we identify interesting open problems and propose a new design, Trivium/128, which resists all of our attacks proposed in this paper. It also accepts a 128-bit secret key due to the improved security level.