Skip to main content

Lund University Publications

LUND UNIVERSITY LIBRARIES

Greedy distinguishers and nonrandomness detectors

Stankovski, Paul LU orcid (2010) INDOCRYPT 2010, 11th International Conference on Cryptology in India 6498. p.210-226
Abstract
We present the concept of greedy distinguishers and show how some simple observations and the well known greedy heuristic can be combined into a very powerful strategy (the Greedy Bit Set Algorithm) for efficient and systematic construction of distinguishers and nonrandomness detectors. We show how this strategy can be applied to a large array of stream and block ciphers, and we show that our method outperforms every other method we have seen so far by presenting new and record-breaking results for Trivium, Grain-$128$ and Grain v1.



We show that the greedy strategy reveals weaknesses in Trivium reduced to $1026$ (out of $1152$) initialization rounds using $2^{45}$ complexity -- a result that significantly improves all... (More)
We present the concept of greedy distinguishers and show how some simple observations and the well known greedy heuristic can be combined into a very powerful strategy (the Greedy Bit Set Algorithm) for efficient and systematic construction of distinguishers and nonrandomness detectors. We show how this strategy can be applied to a large array of stream and block ciphers, and we show that our method outperforms every other method we have seen so far by presenting new and record-breaking results for Trivium, Grain-$128$ and Grain v1.



We show that the greedy strategy reveals weaknesses in Trivium reduced to $1026$ (out of $1152$) initialization rounds using $2^{45}$ complexity -- a result that significantly improves all previous efforts. This result was further improved using a cluster; $1078$ rounds at $2^{54}$ complexity. We also present an $806$-round distinguisher for Trivium with $2^{44}$ complexity.



Distinguisher and nonrandomness records are also set for Grain-$128$. We show nonrandomness for the full Grain-$128$ with its $256$ (out of $256$) initialization rounds, and present a $246$-round distinguisher with complexity $2^{42}$.



For Grain v1 we show nonrandomness for $96$ (out of $160$) initialization rounds at the very modest complexity of $2^7$, and a $90$-round distinguisher with complexity $2^{39}$.



On the theoretical side we define the Nonrandomness Threshold, which explicitly expresses the nature of the randomness limit that is being explored. (Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
keywords
algebraic cryptanalysis, distinguisher, nonrandomness detector, maximum degree monomial, Trivium, Grain, Rabbit, Edon80, AES, DES, XTEA, TEA, SEED, PRESENT, SMS4, Camellia, RC6, RC5, HIGHT, CLEFIA, Sosemanuk, HC, MICKEY, Salsa
host publication
Progress in Cryptology - INDOCRYPT 2010 / Lecture Notes in Computer Science
editor
Gong, Guang and Gupta, Kishan Chand
volume
6498
pages
17 pages
publisher
Springer
conference name
INDOCRYPT 2010, 11th International Conference on Cryptology in India
conference location
Hyderabad, India
conference dates
2010-12-12 - 2010-12-15
external identifiers
  • wos:000293683800016
  • scopus:78651077262
ISSN
1611-3349
0302-9743
ISBN
978-3-642-17400-1
DOI
10.1007/978-3-642-17401-8_16
language
English
LU publication?
yes
id
3b8b8665-25eb-4d19-8305-f2614cc67a95 (old id 1747288)
date added to LUP
2016-04-01 09:56:19
date last changed
2025-10-14 12:32:33
@inproceedings{3b8b8665-25eb-4d19-8305-f2614cc67a95,
  abstract     = {{We present the concept of greedy distinguishers and show how some simple observations and the well known greedy heuristic can be combined into a very powerful strategy (the Greedy Bit Set Algorithm) for efficient and systematic construction of distinguishers and nonrandomness detectors. We show how this strategy can be applied to a large array of stream and block ciphers, and we show that our method outperforms every other method we have seen so far by presenting new and record-breaking results for Trivium, Grain-$128$ and Grain v1.<br/><br>
<br/><br>
We show that the greedy strategy reveals weaknesses in Trivium reduced to $1026$ (out of $1152$) initialization rounds using $2^{45}$ complexity -- a result that significantly improves all previous efforts. This result was further improved using a cluster; $1078$ rounds at $2^{54}$ complexity. We also present an $806$-round distinguisher for Trivium with $2^{44}$ complexity.<br/><br>
<br/><br>
Distinguisher and nonrandomness records are also set for Grain-$128$. We show nonrandomness for the full Grain-$128$ with its $256$ (out of $256$) initialization rounds, and present a $246$-round distinguisher with complexity $2^{42}$.<br/><br>
<br/><br>
For Grain v1 we show nonrandomness for $96$ (out of $160$) initialization rounds at the very modest complexity of $2^7$, and a $90$-round distinguisher with complexity $2^{39}$.<br/><br>
<br/><br>
On the theoretical side we define the Nonrandomness Threshold, which explicitly expresses the nature of the randomness limit that is being explored.}},
  author       = {{Stankovski, Paul}},
  booktitle    = {{Progress in Cryptology - INDOCRYPT 2010 / Lecture Notes in Computer Science}},
  editor       = {{Gong, Guang and Gupta, Kishan Chand}},
  isbn         = {{978-3-642-17400-1}},
  issn         = {{1611-3349}},
  keywords     = {{algebraic cryptanalysis; distinguisher; nonrandomness detector; maximum degree monomial; Trivium; Grain; Rabbit; Edon80; AES; DES; XTEA; TEA; SEED; PRESENT; SMS4; Camellia; RC6; RC5; HIGHT; CLEFIA; Sosemanuk; HC; MICKEY; Salsa}},
  language     = {{eng}},
  pages        = {{210--226}},
  publisher    = {{Springer}},
  title        = {{Greedy distinguishers and nonrandomness detectors}},
  url          = {{https://lup.lub.lu.se/search/files/1406305/1747313.pdf}},
  doi          = {{10.1007/978-3-642-17401-8_16}},
  volume       = {{6498}},
  year         = {{2010}},
}