Cryptanalysis of Helix and Phelix revisited
文献类型:会议论文
| 作者 | Shi, Zhenqing (1) ; Zhang, Bin (2) ; Feng, Dengguo (1) |
| 出版日期 | 2013 |
| 会议名称 | 18th Australasian Conference on Information Security and Privacy, ACISP 2013 |
| 会议日期 | July 1, 2013 - July 3, 2013 |
| 会议地点 | Brisbane, QLD, Australia |
| 页码 | 27-40 |
| 中文摘要 | Helix, designed by Ferguson et al., is a high-speed asynchronous stream cipher with a built-in MAC functionality. At FSE 2004, Muller presented two attacks on Helix. Motivated by these attacks, Phelix was proposed and selected as a Phase 2 focus cipher for both Profile 1 and Profile 2 by the eSTREAM project, but was not advanced to Phase 3 mainly due to a key recovery attack by Wu and Preneel when the prohibition against reusing a nonce is violated. In this paper, we study the security of Helix and Phelix in the more realistic chosen nonce model. We first point out a flaw in Muller's second attack, which results in the failure of his attack. Then we propose our distinguishing attack on Helix with a data complexity of 2132, faster than exhaustive search when the key length is larger than 132 bits. Furthermore, when the maximal length of output keystream is extended, the data complexity can be reduced to 2 127 and we also can construct a key recovery attack with a data complexity of 2163. Since this flaw is overlooked by the designers of Phelix, we can extend the distinguishing attack to Phelix with the same complexity, which shows that Phelix fails to strengthen Helix against internal state collision attacks. Our results provide new insights on the design of such dedicated ciphers with built-in authentication. © 2013 Springer-Verlag. |
| 英文摘要 | Helix, designed by Ferguson et al., is a high-speed asynchronous stream cipher with a built-in MAC functionality. At FSE 2004, Muller presented two attacks on Helix. Motivated by these attacks, Phelix was proposed and selected as a Phase 2 focus cipher for both Profile 1 and Profile 2 by the eSTREAM project, but was not advanced to Phase 3 mainly due to a key recovery attack by Wu and Preneel when the prohibition against reusing a nonce is violated. In this paper, we study the security of Helix and Phelix in the more realistic chosen nonce model. We first point out a flaw in Muller's second attack, which results in the failure of his attack. Then we propose our distinguishing attack on Helix with a data complexity of 2132, faster than exhaustive search when the key length is larger than 132 bits. Furthermore, when the maximal length of output keystream is extended, the data complexity can be reduced to 2 127 and we also can construct a key recovery attack with a data complexity of 2163. Since this flaw is overlooked by the designers of Phelix, we can extend the distinguishing attack to Phelix with the same complexity, which shows that Phelix fails to strengthen Helix against internal state collision attacks. Our results provide new insights on the design of such dedicated ciphers with built-in authentication. © 2013 Springer-Verlag. |
| 收录类别 | EI |
| 会议录出版地 | Springer Verlag, Tiergartenstrasse 17, Heidelberg, D-69121, Germany |
| 语种 | 英语 |
| ISSN号 | 3029743 |
| ISBN号 | 9783642390586 |
| 源URL | [http://ir.iscas.ac.cn/handle/311060/16668]  |
| 专题 | 软件研究所_软件所图书馆_会议论文 |
| 推荐引用方式 GB/T 7714 | Shi, Zhenqing ,Zhang, Bin ,Feng, Dengguo . Cryptanalysis of Helix and Phelix revisited[C]. 见:18th Australasian Conference on Information Security and Privacy, ACISP 2013. Brisbane, QLD, Australia. July 1, 2013 - July 3, 2013. |
入库方式: OAI收割
来源:软件研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。