4 research outputs found
New Weaknesses in the Keystream Generation Algorithms of the Stream Ciphers TPy and Py
The stream ciphers Py, Py6 designed by Biham and Seberry were promising candidates in the
ECRYPT-eSTREAM project because of their impressive speed. Since their publication in April
2005, a number of cryptanalytic weaknesses of the ciphers have been discovered. As a
result, a strengthened version Pypy was developed to repair these weaknesses; it was
included in the category of 'Focus ciphers' of Phase II of the eSTREAM competition.
However, even the new cipher Pypy was not free from flaws, resulting in a second redesign.
This led to the generation of three new ciphers TPypy, TPy and TPy6. The designers claimed
that TPy would be secure with a key size up to 256 bytes, i.e., 2048 bits. In February
2007, Sekar et al. published an attack on TPy with data and comparable
time. This paper shows how to build a distinguisher with key/IVs and one
output word for each key (i.e., the distinguisher can be constructed within the design
specifications); it uses a different set of weak states of the TPy. Our results show that distinguishing attacks with complexity lower than the brute force
exist if the key size of TPy is longer than 268 bits. Therefore, for
longer keys, our attack constitutes an academic break of the cipher.
Furthermore, we discover a large number of similar bias-producing
states of TPy and provide a general framework to compute them. The
attacks on TPy are also shown to be effective on Py.
Methods for Evaluating and Substantiating the Security of Stream Ciphers against Statistical Attacks Based on Algebraically Degenerate Approximations of Boolean Functions
The dissertation solves the relevant scientific problem of developing methods for constructing scientifically substantiated estimates of the security of synchronous stream ciphers (SSCs) against statistical attacks based on algebraically degenerate approximations of Boolean functions. The new results make it possible in practice to evaluate and substantiate the security of modern SSCs, which ultimately makes it possible to significantly reduce the time needed for expert studies of stream encryption algorithms intended for protecting the state information resources of Ukraine.
New Results of Related-key Attacks on All Py-Family of Stream Ciphers
The stream cipher TPypy was designed by Biham and Seberry in January 2007 as the strongest member of the Py-family of stream ciphers. At Indocrypt 2007, Sekar, Paul and Preneel showed related-key weaknesses in the Py-family of stream ciphers, including the strongest member TPypy. Furthermore, they modified the stream ciphers TPypy and TPy to generate two fast ciphers, namely RCR-32 and RCR-64, in an attempt to rule out all the attacks against the Py-family of stream ciphers. So far there exists no attack on RCR-32 and RCR-64. In this paper, we show that the related-key weaknesses can still be used to construct related-key distinguishing attacks on all of the Py-family of stream ciphers, including the modified versions RCR-32 and RCR-64. Under related keys, we show distinguishing attacks on RCR-32 and RCR-64 with data complexity 2^{139.3} and advantage greater than 0.5. We also show that the data complexity of the distinguishing attacks on the Py-family of stream ciphers proposed by Sekar et al. can be reduced fromto. These results constitute the best attacks on the strongest members of the Py-family of stream ciphers: TPypy, RCR-32 and RCR-64. By modifying the key setup algorithm, we propose two new stream ciphers, TRCR-32 and TRCR-64, which are derived from RCR-32 and RCR-64 respectively. Based on our security analysis, we conjecture that no attacks lower than brute force are possible on the TRCR-32 and TRCR-64 stream ciphers.