Results 1 
4 of
4
A New Class of Single Cycle Tfunctions
 Fast Software Encryption, FSE 2005, LNCS 3557
, 2005
"... Abstract. Tfunction is a relatively new cryptographic building block suitable for streamciphers. It has the potential of becoming a substitute for LFSRs, and those that correspond to maximum length LFSRs are called single cycle Tfunctions. We present a family of single cycle Tfunctions, previousl ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Tfunction is a relatively new cryptographic building block suitable for streamciphers. It has the potential of becoming a substitute for LFSRs, and those that correspond to maximum length LFSRs are called single cycle Tfunctions. We present a family of single cycle Tfunctions, previously unknown. An attempt at building a hardware oriented streamcipher based on this new Tfunction is given.
Differential Cryptanalysis of TFunction Based Stream Cipher TSC4
"... Abstract. TSC4 is a Tfunction based stream cipher with 80bit key, and proposed as a candidate for ECRYPT eStream project. In this paper, we introduce a differential method to analyze TSC4. Our attack is based on the vulnerable differential characteristics in the state initialization of TSC4, an ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
Abstract. TSC4 is a Tfunction based stream cipher with 80bit key, and proposed as a candidate for ECRYPT eStream project. In this paper, we introduce a differential method to analyze TSC4. Our attack is based on the vulnerable differential characteristics in the state initialization of TSC4, and for the chosen IV pairs, the differential probability is up to 2 −15.40 in the case of weak keys. We show that there are about 2 72 weak keys among the total 2 80 keys. To recover 8 bits of a weak key needs about 2 40.53 chosen IV pairs. After that, we can search the other 72 key bits by an exhaustive attack. Keywords: Differential cryptanalysis, Tfunction, stream cipher, chosen IV attack, TSC4. 1
Cryptanalysis of Mir1, a Tfunction Based Stream Cipher
, 2006
"... This paper describes the cryptanalysis of Mir1, a Tfunction based stream cipher proposed at eSTREAM (the ECRYPT Stream Cipher Project) in 2005. It uses a multiword Tfunction, with four 64bit words, as its basic structure. Mir1 operations process the data in every 64 bits (one word) to generat ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
This paper describes the cryptanalysis of Mir1, a Tfunction based stream cipher proposed at eSTREAM (the ECRYPT Stream Cipher Project) in 2005. It uses a multiword Tfunction, with four 64bit words, as its basic structure. Mir1 operations process the data in every 64 bits (one word) to generate a keystream. This paper discusses a distinguishing attack against Mir1, one that exploits the Tfunction characteristics and the Mir1 initialization. With merely three or four IV pairs, this attack can distinguish a Mir1 output sequence from a true random sequence. In this case, the amount of data theoretically needed for cryptanalysis is only 2^10 words.
THEORETICAL CRYPTANALYSIS OF THE KLIMOVSHAMIR NUMBER GENERATOR TF1
, 2007
"... Abstract. The internal state of the KlimovShamir number generator TF1 consists of four words of size w bits each, whereas its intended strength is 2 2w. We exploit an asymmetry in its output function to show that the internal state can be recovered after having 2 w outputs, using 2 1.5w operations ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. The internal state of the KlimovShamir number generator TF1 consists of four words of size w bits each, whereas its intended strength is 2 2w. We exploit an asymmetry in its output function to show that the internal state can be recovered after having 2 w outputs, using 2 1.5w operations. For w = 32 the attack is practical, but for their recommended w = 64 it is only of theoretical interest. 1. Generalized TF1 generators The KlimovShamir number generator TF1 was introduced in [3] and is based on the methods developed in [2] and references therein. This is an iterative pseudorandom number generator. Its internal state consists of four words a, b, c, d, of size w bits each. C1, C2, C3, C are fixed constants chosen to optimize several properties (which are not relevant for our analysis). The update function of the generator is defined as follows. 1