Guess and Determine Attack on SNOW3G and ZUC
    Abstract:

    The SNOW3G stream cipher is the core of the standardized 3G Partnership Project (3GPP) confidentiality and integrity algorithms UEA2 & UIA2, while the ZUC stream cipher is the core of the standardized 3GPP confidentiality and integrity algorithms 128-EEA3 & 128-EIA3. So far, there have been no Guess and Determine attacks applied to SNOW3G. In this paper, a Guess and Determine attack on SNOW3G is proposed with a computational complexity of 2^320, requiring 9 keystream words (each word consists of 32 bits). After analyzing the design of ZUC, a half-word-based Guess and Determine attack on ZUC is introduced, based on transforming the word-based nonlinear function of ZUC into a half-word-based nonlinear function. The attack on ZUC has a computational complexity of 2^392 and requires 9 keystream words, which is better than the previous Guess and Determine attack on ZUC. These results show that ZUC has much better resistance against Guess and Determine attacks than SNOW3G, even though the internal state size of ZUC is smaller than that of SNOW3G.

Citation: Guan J, Ding L, Liu SK. Guess and Determine Attack on SNOW3G and ZUC. Journal of Software, 2013, 24(6): 1324-1333.

History
  • Received: November 19, 2011
  • Revised: July 16, 2012
  • Online: June 07, 2013