Skip to main content

Lund University Publications

LUND UNIVERSITY LIBRARIES

Analysis and design of modern stream ciphers

Johansson, Thomas LU orcid (2003) 9th IMA International Conference 2898. p.66-66
Abstract
When designing symmetric ciphers, security and performance are of utmost importance. When selecting a symmetric encryption algorithm, the first choice is whether to choose a block cipher or a stream cipher. Most modern block ciphers offer a sufficient security and a reasonably good performance. But a block cipher must usually be used in a stream cipher mode of operation, which suggests that using a pure stream cipher primitive might be beneficial.

Modern stream ciphers will indeed offer an improved performance compared with block ciphers (typically at least a factor 4-5 if measured in speed). However, the security of modern stream ciphers is not as well understood as for block ciphers. Most stream ciphers that have been widely... (More)
When designing symmetric ciphers, security and performance are of utmost importance. When selecting a symmetric encryption algorithm, the first choice is whether to choose a block cipher or a stream cipher. Most modern block ciphers offer a sufficient security and a reasonably good performance. But a block cipher must usually be used in a stream cipher mode of operation, which suggests that using a pure stream cipher primitive might be beneficial.

Modern stream ciphers will indeed offer an improved performance compared with block ciphers (typically at least a factor 4-5 if measured in speed). However, the security of modern stream ciphers is not as well understood as for block ciphers. Most stream ciphers that have been widely spread, like RC4, A5/1, have security weaknesses.

It is clear that modern stream cipher designs, represented by proposals like Panama, Mugi, Sober, Snow, Seal, Scream, Turing, Rabbit, Helix, and many more, are very far from classical designs like nonlinear filter generators, nonlinear combination generators, etc. One major difference is that classical designs are bit-oriented, whereas modern designs tend to operate on (e.g. 32 bit) words to provide efficient software implementations. This leads to usage of different operations. Modern stream ciphers use building blocks very similar to those used in block ciphers. Essentially all modern stream cipher designs use S-boxes in one way or the other and combine this with various linear operations, essentially following the old confuse and diffuse paradigm from Shannon.

In this invited talk, we will overview various methods for cryptanalysis of modern stream ciphers. This will include time-memory tradeoff attacks, correlation attacks, distinguishing attacks of different kinds, guess-and-determine type of attacks, and the recent and very interesting algebraic attacks. This will give us lots of useful feedback when considering the design of secure and fast stream ciphers. (Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
host publication
Cryptography and Coding / Lecture Notes in Computer Science
volume
2898
pages
66 - 66
publisher
Springer
conference name
9th IMA International Conference
conference location
Cirencester, United Kingdom
conference dates
2003-12-16 - 2003-12-18
external identifiers
  • wos:000188182400006
  • other:doi:10.1007/b93924
ISSN
1611-3349
0302-9743
ISBN
978-3-540-20663-7
language
English
LU publication?
yes
id
b6982fd2-12df-4deb-a272-f24559dc3d63 (old id 289794)
alternative location
http://www.springerlink.com/content/4kf36dxhlklc1n3m/fulltext.pdf
date added to LUP
2016-04-01 12:03:47
date last changed
2023-09-23 02:53:03
@inproceedings{b6982fd2-12df-4deb-a272-f24559dc3d63,
  abstract     = {{When designing symmetric ciphers, security and performance are of utmost importance. When selecting a symmetric encryption algorithm, the first choice is whether to choose a block cipher or a stream cipher. Most modern block ciphers offer a sufficient security and a reasonably good performance. But a block cipher must usually be used in a stream cipher mode of operation, which suggests that using a pure stream cipher primitive might be beneficial.<br/><br>
Modern stream ciphers will indeed offer an improved performance compared with block ciphers (typically at least a factor 4-5 if measured in speed). However, the security of modern stream ciphers is not as well understood as for block ciphers. Most stream ciphers that have been widely spread, like RC4, A5/1, have security weaknesses.<br/><br>
It is clear that modern stream cipher designs, represented by proposals like Panama, Mugi, Sober, Snow, Seal, Scream, Turing, Rabbit, Helix, and many more, are very far from classical designs like nonlinear filter generators, nonlinear combination generators, etc. One major difference is that classical designs are bit-oriented, whereas modern designs tend to operate on (e.g. 32 bit) words to provide efficient software implementations. This leads to usage of different operations. Modern stream ciphers use building blocks very similar to those used in block ciphers. Essentially all modern stream cipher designs use S-boxes in one way or the other and combine this with various linear operations, essentially following the old confuse and diffuse paradigm from Shannon.<br/><br>
In this invited talk, we will overview various methods for cryptanalysis of modern stream ciphers. This will include time-memory tradeoff attacks, correlation attacks, distinguishing attacks of different kinds, guess-and-determine type of attacks, and the recent and very interesting algebraic attacks. This will give us lots of useful feedback when considering the design of secure and fast stream ciphers.}},
  author       = {{Johansson, Thomas}},
  booktitle    = {{Cryptography and Coding / Lecture Notes in Computer Science}},
  isbn         = {{978-3-540-20663-7}},
  issn         = {{1611-3349}},
  language     = {{eng}},
  pages        = {{66--66}},
  publisher    = {{Springer}},
  title        = {{Analysis and design of modern stream ciphers}},
  url          = {{http://www.springerlink.com/content/4kf36dxhlklc1n3m/fulltext.pdf}},
  volume       = {{2898}},
  year         = {{2003}},
}