Cryptography Reference
In-Depth Information
As of September 2008, seven stream ciphers have been selected for the final
portfolio. Among them, HC-128, Rabbit, Salsa20/12 and SOSEMANUK belong
to the software profile and the other three, namely, Grain v1, MICKEY v2
and Trivium, belong to Profile 2. A comprehensive survey on all of these
ciphers is available in [145]. Thus the current eSTREAM portfolio is as
follows.
Profile 1 (SW)    Profile 2 (HW)
--------------    --------------
HC-128            Grain v1
Rabbit            MICKEY v2
Salsa20/12        Trivium
SOSEMANUK
It is expected that research on the eSTREAM submissions in general,
and the portfolio ciphers in particular, will continue. It is also possible that
changes to the eSTREAM portfolio might be needed in the future.
2.2 Attack Models for Stream Cipher Cryptanalysis
Below we briefly describe the common attack models with respect to which
the security analysis of stream ciphers is performed.
2.2.1 Brute Force Key Search
For a key of size l bits, a brute force search consists of trying all 2^l keys
to check which one leads to the observed data. It is the most basic attack
against any symmetric key cryptosystem.
The following techniques can speed up the brute force search.
1. Time Memory Trade-Off (TMTO): Hellman showed [68] that by precomputing
some values and storing them in memory one can perform a brute force
attack on block ciphers faster. Later, in [7], such TMTO attacks were
shown to be applicable to stream ciphers as well.
2. Sampling Resistance: In [20], this property of stream ciphers, related
to the TMTO attack, was introduced. It measures how easy it is to find
keys that generate keystreams with a certain property.
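The contrast between exhaustive search and a Hellman-style trade-off can be
seen on a toy scale. The following is an added example, not code from the
source text: the 16-bit key, the SHA-256-based stand-in keystream generator
and the chain parameters T and M are all assumptions chosen so that it runs
in a moment.

```python
import hashlib

L = 16    # toy key length in bits (assumption; far below any real cipher)
T = 64    # chain length (assumption)
M = 1024  # number of chains, so precomputation costs about M*T = 2^L steps

def keystream(key: int) -> bytes:
    """Stand-in keystream prefix: 4 bytes derived from the key (not a real cipher)."""
    return hashlib.sha256(key.to_bytes(2, "big")).digest()[:4]

def brute_force(observed: bytes) -> list[int]:
    """Try all 2^L keys and return those that reproduce the observed prefix."""
    return [k for k in range(2 ** L) if keystream(k) == observed]

def step(key: int) -> int:
    """Hellman's f: generate the prefix, then reduce it back into the key space."""
    return int.from_bytes(keystream(key)[:2], "big")

def build_table(starts):
    """Offline phase: keep only endpoint -> start points for each chain."""
    table = {}
    for start in starts:
        k = start
        for _ in range(T):
            k = step(k)
        table.setdefault(k, []).append(start)
    return table

def lookup(table, observed: bytes):
    """Online phase: walk at most T steps, replaying a chain on each endpoint hit."""
    z = int.from_bytes(observed[:2], "big")   # equals f(unknown key)
    for _ in range(T):
        for start in table.get(z, []):
            k = start
            for _ in range(T):                # replay the chain from its start
                if keystream(k) == observed:
                    return k
                k = step(k)
        z = step(z)
    return None  # key not covered by the table (any endpoint hits were false alarms)

STARTS = [i * 61 for i in range(M)]           # constructed, distinct start keys
TABLE = build_table(STARTS)                   # at most M entries instead of 2^L
```

The table holds at most M entries, and a lookup returns None for keys that no
stored chain covers, which is why coverage, not only speed, is part of the
trade-off.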
2.2.2 Weak Keys
The secret key completely determines the output sequence of a stream cipher.
If the keys are “weak,” in the sense that they leak secret key information