Abstract
Loiss is a novel byte-oriented stream cipher proposed in 2011. In this paper, based on solving systems of linear equations, we propose an improved Guess and Determine attack on Loiss with a time complexity of 2231and a data complexity of 268, which reduces the time complexity of the Guess and Determine attack proposed by the designers by a factor of 216. Furthermore, a related key chosenIVattack on a scaled-down version of Loiss is presented. The attack recovers the 128-bit secret key of the scaled-down Loiss with a time complexity of 280, requiring 264chosenIVs. The related key attack is minimal in the sense that it only requires one related key. The result shows that our key recovery attack on the scaled-down Loiss is much better than an exhaustive key search in the related key setting.
Highlights
Many stream ciphers have been proposed over the past 20 years
Loiss is based on a linear feedback shift register and utilizes a structure called byteoriented mixer with memory (BOMM) in the filter generator, which aims to improve the resistance against algebraic attacks, linear distinguishing attacks, and fast correlation attacks
By exploiting some differential properties of the BOMM structure during the cipher initialization phase, two related key attacks on Loiss were independently proposed in [8, 9]. These results show that the additional design complication, that is, the addition of the BOMM mechanism, weakens the cipher instead of strengthening it
Summary
Many stream ciphers have been proposed over the past 20 years. Most of them are constructed using a linear feedback shift register (LFSR), which is implemented in hardware, but the software implementations are mostly slow. By exploiting some differential properties of the BOMM structure during the cipher initialization phase, two related key attacks on Loiss were independently proposed in [8, 9]. These results show that the additional design complication, that is, the addition of the BOMM mechanism, weakens the cipher instead of strengthening it. In this paper, based on solving systems of linear equations, we propose an improved Guess and Determine attack on Loiss, which has a time complexity of 2231 with a data complexity of 268.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
