    Tradeoff Attacks on Symmetric Ciphers

    Tradeoff attacks on symmetric ciphers can be considered a generalization of exhaustive search. Their main objective is to reduce time complexity by exploiting memory: very large tables are prepared at the cost of exhaustively searching the whole space during the precomputation phase. In some cases, such as internal state recovery attacks on stream ciphers, data (plaintext/ciphertext pairs) can be used to further speed up both the online and offline phases. However, how to take advantage of data in a tradeoff attack against block ciphers for the single-key recovery case is still unknown. We briefly assess the state of the art of tradeoff attacks on symmetric ciphers, introduce some open problems and discuss the security criterion on state sizes. We discuss the strict lower bound on the internal state size of keystream generators and propose a more practical and fairer bound along with our reasoning. The adoption of our new criterion can break fresh ground in boosting the security analysis of small keystream generators and in designing ultra-lightweight stream ciphers with short internal states for use in especially low-resource devices such as IoT devices, wireless sensors or RFID tags.

    Interleaving Cryptanalytic Time-memory Trade-offs on Non-Uniform Distributions

    Cryptanalytic time-memory trade-offs (TMTO) are well-known tools available in any security expert's toolbox. They have been used to break ciphers such as A5/1, but their efficiency at cracking passwords has made them even more popular in the security community. While symmetric keys are generated randomly according to a uniform distribution, passwords chosen by users are in practice far from random, as confirmed by recent database leaks. Unfortunately, the technique used to build TMTOs is not appropriate for dealing with non-uniform distributions. In this paper, we introduce an efficient construction that consists in partitioning the search set into subsets of close densities, and a strategy to explore the TMTOs associated with the subsets based on an interleaved traversal. This approach results in a significant improvement compared to currently used TMTOs. We tested our approach on a classical problem, namely cracking 7-character NTLM hash passwords using an alphabet with 34 special characters, which resulted in a 16× speedup over rainbow tables, which are considered the most efficient variant of time-memory trade-offs.