Related key chosen IV attacks on Decim v2 and Decim‐128

The Decim v1 is a hardware oriented stream cipher that was proposed by Berbain et al. and has been submitted to eSTREAM. Decim v2 is a revised version of Decim v1 and was submitted to ISO/IEC 18033‐4. Decim‐128 is a 128‐bit security version of Decim. In this paper, we propose related key chosen IV attacks on Decim v2 and Decim‐128. The attacks on Decim v2 and Decim‐128 can recover the 80‐bit and 128‐bit secret keys with computational complexity of 2⁶⁸/2⁹⁶, requiring 2²⁰/2⁵¹ chosen IVs, 2²⁶/2^56.88‐bit stream sequence and negligible/ 2^42.58 bits space, respectively. When more than 8 and 10 related keys can be obtained for Decim v2 and Decim‐128, the computational complexity can be reduced to 2³²/2³⁸, requiring 2²³/2^33.32 chosen IVs, 2²⁹/2^39.25‐bit stream sequence and negligible/ 2^30.91 bits space, respectively. These results have been the best key recovery attacks on Decim v2 and Decim‐128.