Article ID: | iaor201111205 |
Volume: | 55 |
Issue: | 1-2 |
Start Page Number: | 123 |
End Page Number: | 133 |
Publication Date: | Jan 2012 |
Journal: | Mathematical and Computer Modelling |
Authors: | Lin Ding, Jie Guan |
Keywords: | security |
Decim v1 is a hardware-oriented stream cipher that was proposed by Berbain et al. and submitted to eSTREAM. Decim v2 is a revised version of Decim v1 and was submitted to ISO/IEC 18033-4. Decim-128 is a 128-bit security version of Decim. In this paper, we propose related-key chosen-IV attacks on Decim v2 and Decim-128. The attacks on Decim v2 and Decim-128 can recover the 80-bit and 128-bit secret keys with computational complexity of 2^68/2^96, requiring 2^20/2^51 chosen IVs, 2^26/2^56.88-bit stream sequence and negligible/2^42.58 bits space, respectively. When more than 8 and 10 related keys can be obtained for Decim v2 and Decim-128, the computational complexity can be reduced to 2^32/2^38, requiring 2^23/2^33.32 chosen IVs, 2^29/2^39.25-bit stream sequence and negligible/2^30.91 bits space, respectively. These results are the best key recovery attacks on Decim v2 and Decim-128.