Abstract

Decim v1 is a hardware-oriented stream cipher that was proposed by Berbain et al. and submitted to eSTREAM. Decim v2 is a revised version of Decim v1 and was submitted to ISO/IEC 18033-4. Decim-128 is a 128-bit security version of Decim. In this paper, we propose related-key chosen-IV attacks on Decim v2 and Decim-128. The attacks on Decim v2 and Decim-128 can recover the 80-bit and 128-bit secret keys with computational complexity of $2^{68}$/$2^{96}$, requiring $2^{20}$/$2^{51}$ chosen IVs, $2^{26}$/$2^{56.88}$-bit stream sequence and negligible/$2^{42.58}$ bits of space, respectively. When more than 8 and 10 related keys can be obtained for Decim v2 and Decim-128, the computational complexity can be reduced to $2^{32}$/$2^{38}$, requiring $2^{23}$/$2^{33.32}$ chosen IVs, $2^{29}$/$2^{39.25}$-bit stream sequence and negligible/$2^{30.91}$ bits of space, respectively. These results are the best key recovery attacks on Decim v2 and Decim-128.
