Analysis and design of modern stream ciphers
(2003) 9th IMA International Conference 2898. p.66-66- Abstract
- When designing symmetric ciphers, security and performance are of utmost importance. When selecting a symmetric encryption algorithm, the first choice is whether to choose a block cipher or a stream cipher. Most modern block ciphers offer a sufficient security and a reasonably good performance. But a block cipher must usually be used in a stream cipher mode of operation, which suggests that using a pure stream cipher primitive might be beneficial.
Modern stream ciphers will indeed offer an improved performance compared with block ciphers (typically at least a factor 4-5 if measured in speed). However, the security of modern stream ciphers is not as well understood as for block ciphers. Most stream ciphers that have been widely... (More) - When designing symmetric ciphers, security and performance are of utmost importance. When selecting a symmetric encryption algorithm, the first choice is whether to choose a block cipher or a stream cipher. Most modern block ciphers offer a sufficient security and a reasonably good performance. But a block cipher must usually be used in a stream cipher mode of operation, which suggests that using a pure stream cipher primitive might be beneficial.
Modern stream ciphers will indeed offer an improved performance compared with block ciphers (typically at least a factor 4-5 if measured in speed). However, the security of modern stream ciphers is not as well understood as for block ciphers. Most stream ciphers that have been widely spread, like RC4, A5/1, have security weaknesses.
It is clear that modern stream cipher designs, represented by proposals like Panama, Mugi, Sober, Snow, Seal, Scream, Turing, Rabbit, Helix, and many more, are very far from classical designs like nonlinear filter generators, nonlinear combination generators, etc. One major difference is that classical designs are bit-oriented, whereas modern designs tend to operate on (e.g. 32 bit) words to provide efficient software implementations. This leads to usage of different operations. Modern stream ciphers use building blocks very similar to those used in block ciphers. Essentially all modern stream cipher designs use S-boxes in one way or the other and combine this with various linear operations, essentially following the old confuse and diffuse paradigm from Shannon.
In this invited talk, we will overview various methods for cryptanalysis of modern stream ciphers. This will include time-memory tradeoff attacks, correlation attacks, distinguishing attacks of different kinds, guess-and-determine type of attacks, and the recent and very interesting algebraic attacks. This will give us lots of useful feedback when considering the design of secure and fast stream ciphers. (Less)
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/289794
- author
- Johansson, Thomas LU
- organization
- publishing date
- 2003
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- host publication
- Cryptography and Coding / Lecture Notes in Computer Science
- volume
- 2898
- pages
- 66 - 66
- publisher
- Springer
- conference name
- 9th IMA International Conference
- conference location
- Cirencester, United Kingdom
- conference dates
- 2003-12-16 - 2003-12-18
- external identifiers
-
- wos:000188182400006
- other:doi:10.1007/b93924
- ISSN
- 1611-3349
- 0302-9743
- ISBN
- 978-3-540-20663-7
- language
- English
- LU publication?
- yes
- id
- b6982fd2-12df-4deb-a272-f24559dc3d63 (old id 289794)
- alternative location
- http://www.springerlink.com/content/4kf36dxhlklc1n3m/fulltext.pdf
- date added to LUP
- 2016-04-01 12:03:47
- date last changed
- 2023-09-23 02:53:03
@inproceedings{b6982fd2-12df-4deb-a272-f24559dc3d63, abstract = {{When designing symmetric ciphers, security and performance are of utmost importance. When selecting a symmetric encryption algorithm, the first choice is whether to choose a block cipher or a stream cipher. Most modern block ciphers offer a sufficient security and a reasonably good performance. But a block cipher must usually be used in a stream cipher mode of operation, which suggests that using a pure stream cipher primitive might be beneficial.<br/><br> Modern stream ciphers will indeed offer an improved performance compared with block ciphers (typically at least a factor 4-5 if measured in speed). However, the security of modern stream ciphers is not as well understood as for block ciphers. Most stream ciphers that have been widely spread, like RC4, A5/1, have security weaknesses.<br/><br> It is clear that modern stream cipher designs, represented by proposals like Panama, Mugi, Sober, Snow, Seal, Scream, Turing, Rabbit, Helix, and many more, are very far from classical designs like nonlinear filter generators, nonlinear combination generators, etc. One major difference is that classical designs are bit-oriented, whereas modern designs tend to operate on (e.g. 32 bit) words to provide efficient software implementations. This leads to usage of different operations. Modern stream ciphers use building blocks very similar to those used in block ciphers. Essentially all modern stream cipher designs use S-boxes in one way or the other and combine this with various linear operations, essentially following the old confuse and diffuse paradigm from Shannon.<br/><br> In this invited talk, we will overview various methods for cryptanalysis of modern stream ciphers. This will include time-memory tradeoff attacks, correlation attacks, distinguishing attacks of different kinds, guess-and-determine type of attacks, and the recent and very interesting algebraic attacks. This will give us lots of useful feedback when considering the design of secure and fast stream ciphers.}}, author = {{Johansson, Thomas}}, booktitle = {{Cryptography and Coding / Lecture Notes in Computer Science}}, isbn = {{978-3-540-20663-7}}, issn = {{1611-3349}}, language = {{eng}}, pages = {{66--66}}, publisher = {{Springer}}, title = {{Analysis and design of modern stream ciphers}}, url = {{http://www.springerlink.com/content/4kf36dxhlklc1n3m/fulltext.pdf}}, volume = {{2898}}, year = {{2003}}, }