Обґрунтування стійкості потокового шифру «Струмок» відносно кореляційних атак над скінченними полями характеристики 2

Abstract

The stream cipher SNOW 2.0 was proposed in 2002 as an alternative to the previous (weaker) version — SNOW. This cipher is standardized today and is one of the fastest program-oriented stream ciphers.The most powerful known attacks on SNOW 2.0 are correlation attacks, the essence of which is to form and solve systems of noised linear equations, in particular, over finite fields of order greater than 2. Despite some progress in this direction, remain unresolved problems related to the development of methods for evaluation and justification the security of SNOW 2.0-like stream ciphers against correlation attacks. To date, there are no methods that can justify the security of these ciphers against known correlation attacks directly from the parameters of their components. In addition, an attempt to apply known methods for evaluating the security of SNOW 2.0 against correlation attacks to some other stream ciphers (for example, Strumok, which is a candidate for National encryption standard of Ukraine) faces the difficulties associated with the size of tasks that have been solved. Unlike SNOW 2.0, constructed above the field of order , the Strumok cipher is set over a field of order , which leads to the impossibility of practical implementation of some known algorithms, the time complexity of which increases from to bit operations.The purpose of this article is to justify the security of Strumok against a wide class of correlation attacks, including known attacks on SNOW 2.0. The main result is a theorem that establishes an analytical bound for parameter characterizing the effectiveness of correlation attacks on SNOW 2.0-like ciphers in terms of their components. This allows in practice to evaluate and justify the security of such ciphers against correlation attacks over finite fields of characteristic 2.