An Efficient State Recovery Attack on the X-FCSR Family of Stream Ciphers

We describe a state recovery attack on the X-FCSR family of stream ciphers. In this attack we analyse each block of output keystream and try to solve for the state. The solver will succeed when a number of state conditions are satisfied. For X-FCSR-256, our best attack has a computational complexity of only 2^{4.7} table lookups per block of keystream, with an expected 2^{44.3} such blocks before the attack is successful. The precomputational storage requirement is 2^{33}. For X-FCSR-128, the computational complexity of our best attack is 2^{16.3} table lookups per block of keystream, where we expect 2^{55.2} output blocks before the attack comes through. The precomputational storage requirement for X-FCSR-128 is 2^{67}

X-FCSR: a new software oriented stream cipher based upon FCSRs

Feedback with Carry Shift Registers (FCSRs) are a promising alternative to LFSRs in the design of stream cipher. The previous constructions based on FCSRs were dedicated to hardware applications. In this paper, we will describe X-FCSR a family of software oriented stream cipher using FCSRs. The core of the system is composed of two 256-bits FCSRs. We propose two versions: X-FCSR-128 and X-FCSR-256 which output respectively 128 and 256 bits at each iteration. We study the resistance of our design against several cryptanalyses. In this way, we achieve a high throughput and secure stream ciphers suitable for software applications (6.3 cycles/byte)

An Efficient State Recovery Attack on X-FCSR-256

We describe a state recovery attack on the X-FCSR-256 stream cipher of total complexity at most $2^{57.6}$. This complexity is achievable by requiring $2^{49.3}$ output blocks with an amortized calculation effort of at most $2^{8.3}$ table lookups per output block using no more than $2^{33}$ table entries of precomputational storage