International Association for Cryptologic Research

IACR News item: 11 February 2025

Tim Beyne, Michiel Verbauwhede
ePrint Report
It is shown that the stream cipher proposed by Carlet and Sarkar in ePrint report 2025/160 is insecure. More precisely, one bit of the key can be deduced from a few keystream bytes. This property extends to an efficient key-recovery attack. For example, for the proposal with 80-bit keys, a few kilobytes of keystream material are sufficient to recover half of the key.