Abstract
The stream cipher Py designed by Biham and Seberry is a submission to the ECRYPT stream cipher competition. The cipher is based on two large arrays (one is 256 bytes and the other is 1040 bytes) and it is designed for high speed software applications (Py is more than 2.5 times faster than the RC4 on Pentium III). The paper shows a statistical bias in the distribution of its output-words at the 1st and 3rd rounds. Exploiting this weakness, a distinguisher with advantage greater than 50% is constructed that requires 284.7 randomly chosen key/IV’s and the first 24 output bytes for each key. The running time and the data required by the distinguisher are t 2 84.7 and 289.2 respectively (t denotes the running time of the key/IV setup). We further show that the data requirement can be reduced by a factor of about 3 with a distinguisher that considers outputs of later rounds. In such case the running time is reduced to t284.7 (t denotes the time for a single round of Py). The Py specification allows a 256-bit key and a keystream of 264 bytes per key/IV. As an ideally secure stream cipher with the above specifications should be able to resist the attacks described before, our results constitute an academic break of Py. In addition we have identified several biases among pairs of bits; it seems possible to combine all the biases to build more efficient distinguishers.
This work was supported in part by the Concerted Research Action (GOA) Mefisto 2000/06 and Ambiorix 2005/11 of the Flemish Government and in part by the European Commission through the IST Programme under Contract IST-2002-507932 ECRYPT.
Chapter PDF
Similar content being viewed by others
References
Baignéres, T., Junod, P., Vaudenay, S.: How Far Can We Go Beyond Linear Cryptanalysis? In: Lee, P.J. (ed.) ASIACRYPT 2004. LNCS, vol. 3329, pp. 432–450. Springer, Heidelberg (2004)
Biham, E.: Personal Communication (December 2005)
Biham, E., Seberry, J.: Py. (Roo): A Fast and Secure Stream Cipher using Rolling Arrays. eSTREAM, ECRYPT Stream Cipher Project, Report 2005/023 (2005)
Blum, M., Micali, S.: How to Generate Cyptographically Strong Sequence of Psudorandom Bits. Siam Journal of Computing 13(4), 850–864 (1984)
Crowley, P.: Improved Cryptanalysis of Py. Workshop Record of SASC 2006 – Stream Ciphers Revisited, In: ECRYPT Network of Excellence in Cryptology, Leuven (Belgium), pp. 52–60 (February 2006)
Bernstein, D.J.: Comparison of 256-bit stream ciphers at the beginning of 2006, Workshop Record of SASC, – Stream Ciphers Revisited, ECRYPT Network of Excellence in Cryptology, pp. 70–83 (2006)
Ecrypt, http://www.ecrypt.eu.org
Goldreich, O.: Lecture Notes on Pseudorandomness–Part-I. Department of Computer Science, Wiezmann Institute of Science, Rehovot, Israel (January 23, 2001)
Gong, G., Gupta, K.C., Hell, M., Nawaz, Y.: Towards a General RC4-Like Keystream Generator. In: Feng, D., Lin, D., Yung, M. (eds.) CISC 2005. LNCS, vol. 3822, pp. 162–174. Springer, Heidelberg (2005)
Jenkins Jr., R.J.: ISAAC. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 41–49. Springer, Heidelberg (1996)
Mantin, I., Shamir, A.: A Practical Attack on Broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002)
NESSIE: New European Schemes for Signature, Integrity and Encryption, http://www.cryptonessie.org
Paul, S., Preneel, B.: A NewWeakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 245–259. Springer, Heidelberg (2004)
Wu, H.: A New Stream Cipher HC-256. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 226–244. Springer, Heidelberg (2004)
Zoltak, B.: VMPC One-Way Function and Stream Cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 210–225. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Paul, S., Preneel, B., Sekar, G. (2006). Distinguishing Attacks on the Stream Cipher Py. In: Robshaw, M. (eds) Fast Software Encryption. FSE 2006. Lecture Notes in Computer Science, vol 4047. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11799313_26
Download citation
DOI: https://doi.org/10.1007/11799313_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36597-6
Online ISBN: 978-3-540-36598-3
eBook Packages: Computer ScienceComputer Science (R0)