International Association for Cryptologic Research

CryptoDB

New Weaknesses in the Keystream Generation Algorithms of the Stream Ciphers TPy and Py

Authors:
Gautham Sekar
Souradyuti Paul
Bart Preneel
Download:
URL: http://eprint.iacr.org/2007/230
Abstract: The stream ciphers Py, Py6 designed by Biham and Seberry were promising candidates in the ECRYPT-eSTREAM project because of their impressive speed. Since their publication in April 2005, a number of cryptanalytic weaknesses of the ciphers have been discovered. As a result, a strengthened version Pypy was developed to repair these weaknesses; it was included in the category of 'Focus ciphers' of the Phase II of the eSTREAM competition. However, even the new cipher Pypy was not free from flaws, resulting in a second redesign. This led to the generation of three new ciphers TPypy, TPy and TPy6. The designers claimed that TPy would be secure with a key size up to 256 bytes, i.e., 2048 bits. In February 2007, Sekar et al. published an attack on TPy with $2^{281}$ data and comparable time. This paper shows how to build a distinguisher with $2^{275}$ key/IVs and one output word for each key (i.e., the distinguisher can be constructed within the design specifications); it uses a different set of weak states of the TPy. Our results show that distinguishing attacks with complexity lower than the brute force exist if the key size of TPy is longer than 275 bits. Therefore, for such keys, our attack constitutes an academic break of the cipher. Furthermore, we discover a large number of similar bias-producing states of TPy and provide a general framework to compute them. The attacks on TPy are also shown to be effective on Py.
BibTeX
@misc{eprint-2007-13511,
  title={New Weaknesses in the Keystream Generation Algorithms of the Stream Ciphers TPy and Py},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography / Stream Cipher, PRBG, Distinguisher},
  url={http://eprint.iacr.org/2007/230},
  note={This is the full version of the paper to be published in the proceedings of ISC'07. Received 12 Jun 2007, last revised 23 Nov 2007},
  author={Gautham Sekar and Souradyuti Paul and Bart Preneel},
  year=2007
}