Spectral analysis of ZUC-256

Yang, Jing; Johansson, Thomas; Maximov, Alexander

Spectral analysis of ZUC-256

Mark

Yang, Jing ^LU ; Johansson, Thomas ^LU

and Maximov, Alexander ^LU (2020) In IACR Transactions on Symmetric Cryptology 2020(1). p.266-288

Abstract: In this paper we develop a number of generic techniques and algorithms in spectral analysis of large linear approximations for use in cryptanalysis. We apply the developed tools for cryptanalysis of ZUC-256 and give a distinguishing attack with complexity around 2²³⁶ . Although the attack is only 2²⁰ times faster than exhaustive key search, the result indicates that ZUC-256 does not provide a source with full 256-bit entropy in the generated keystream, which would be expected from a 256-bit key. To the best of our knowledge, this is the first known academic attack on full ZUC-256 with a computational complexity that is below exhaustive key search.

Please use this url to cite or link to this publication: https://lup.lub.lu.se/record/e9e2f4d4-638a-4d07-9c0b-f0b050c3d92e

author

Yang, Jing ^LU ; Johansson, Thomas ^LU

and Maximov, Alexander ^LU

organization

publishing date

2020-05-07

type

Contribution to journal

publication status

published

subject

Computer Science

keywords

5G Mobile System Security, Stream Cipher, ZUC-256

in

IACR Transactions on Symmetric Cryptology

volume

2020

issue

1

pages

23 pages

publisher

Ruhr-Universität Bochum

external identifiers

scopus:85084736039

ISSN

2519-173X

DOI

10.13154/tosc.v2020.i1.266-288

language

English

LU publication?

yes

id

e9e2f4d4-638a-4d07-9c0b-f0b050c3d92e

date added to LUP

2020-06-10 15:44:51

date last changed

2023-09-10 04:25:23

@article{e9e2f4d4-638a-4d07-9c0b-f0b050c3d92e,
  abstract     = {{<p>In this paper we develop a number of generic techniques and algorithms in spectral analysis of large linear approximations for use in cryptanalysis. We apply the developed tools for cryptanalysis of ZUC-256 and give a distinguishing attack with complexity around 2<sup>236</sup> . Although the attack is only 2<sup>20</sup> times faster than exhaustive key search, the result indicates that ZUC-256 does not provide a source with full 256-bit entropy in the generated keystream, which would be expected from a 256-bit key. To the best of our knowledge, this is the first known academic attack on full ZUC-256 with a computational complexity that is below exhaustive key search.</p>}},
  author       = {{Yang, Jing and Johansson, Thomas and Maximov, Alexander}},
  issn         = {{2519-173X}},
  keywords     = {{5G Mobile System Security; Stream Cipher; ZUC-256}},
  language     = {{eng}},
  month        = {{05}},
  number       = {{1}},
  pages        = {{266--288}},
  publisher    = {{Ruhr-Universität Bochum}},
  series       = {{IACR Transactions on Symmetric Cryptology}},
  title        = {{Spectral analysis of ZUC-256}},
  url          = {{http://dx.doi.org/10.13154/tosc.v2020.i1.266-288}},
  doi          = {{10.13154/tosc.v2020.i1.266-288}},
  volume       = {{2020}},
  year         = {{2020}},
}

Lund University Publications

LUND UNIVERSITY LIBRARIES

Spectral analysis of ZUC-256