Related key chosen IV attacks on Decim v2 and Decim‐128

Article ID: iaor201111205
Volume: 55
Issue: 1-2
Start Page Number: 123
End Page Number: 133
Publication Date: Jan 2012
Journal: Mathematical and Computer Modelling
Authors: ,
Keywords: security
Abstract:

The Decim v1 is a hardware oriented stream cipher that was proposed by Berbain et al. and has been submitted to eSTREAM. Decim v2 is a revised version of Decim v1 and was submitted to ISO/IEC 18033‐4. Decim‐128 is a 128‐bit security version of Decim. In this paper, we propose related key chosen IV attacks on Decim v2 and Decim‐128. The attacks on Decim v2 and Decim‐128 can recover the 80‐bit and 128‐bit secret keys with computational complexity of 2^68/2^96, requiring 2^20/2^51 chosen IVs, 2^26/2^56.88‐bit stream sequence and negligible/2^42.58 bits space, respectively. When more than 8 and 10 related keys can be obtained for Decim v2 and Decim‐128, the computational complexity can be reduced to 2^32/2^38, requiring 2^23/2^33.32 chosen IVs, 2^29/2^39.25‐bit stream sequence and negligible/2^30.91 bits space, respectively. These results have been the best key recovery attacks on Decim v2 and Decim‐128.
