Abstract
A keystream can be produced by driving a known pseudo-random function with a counter, starting with a secret initial value. Knowledge of M blocks of keystream allows a speed-up of crypt-analysis by a factor of M over exhaustive search. A similar result holds when the function is a secret choice from a parameterized family. These results are the best possible under a black-box model, i.e., where the function is revealed to the analyst only by calling an oracle.
A synchronous cryptosystem can be produced by driving a pseudorandom function with a counter to generate a keystream. The initial value of the counter may be kept secret as part or all of the key. This paper shows that this provides some additional security, but not as much as might appear at first glance. The author wishes to thank H. Amirazizi, M. Hellman, E. Karnin, and J. Reyneri for useful conversations.
Naturally such a system depends upon the cryptographic security of the basic function. It must be one-way in a strong sense: given the values of the function on some set of arguments, it must be infeasible to compute the value on any argument not in the set.
For this paper, we assume that the basic function is a cryptographically secure pseudo-random function. We consider only attacks which are uniform, attacks which do not use particular weaknesses of the function. We present such an attack which reduces the cryptanalyst’s work by a factor of M over exhaustive search, when he is given M corresponding blocks of ciphertext and plaintext. Furthermore, we show that this is optimal for such uniform attacks.
In the first system we consider, the only secret is the initial value of the counter.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
M. E. Hellman, “On DES Based Synchronous Encryption,” to appear in Computer.
M. E. Hellman, E. Karnin, and J. Reyneri, “On the Necessity of Cryptanalytic Exhaustive Search,” Crypto 81.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1983 Springer Science+Business Media New York
About this paper
Cite this paper
Winternitz, R.S. (1983). Security of a Keystream Cipher with Secret Initial Value. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds) Advances in Cryptology. Springer, Boston, MA. https://doi.org/10.1007/978-1-4757-0602-4_12
Download citation
DOI: https://doi.org/10.1007/978-1-4757-0602-4_12
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-0604-8
Online ISBN: 978-1-4757-0602-4
eBook Packages: Springer Book Archive