paper
title
Distinguishing Attacks on T-functions.
authors
Simon Künzli, Pascal Junod, and Willi Meier.
publication
In E. Dawson and S. Vaudenay, editors, Progress in Cryptology - MyCrypt 2005, First International Conference on Cryptology in Malaysia, Kuala Lumpur, Malaysia, September 28-30, 2005. Proceedings, volume 3715 of Lecture Notes in Computer Science, pages 2-15. Springer-Verlag, 2005.
award
Best paper of the conference.
abstract
Klimov and Shamir proposed a new class of simple cryptographic primitives named T-functions. For two concrete proposals based on the squaring operation, a single word T-function and a previously unbroken multi-word T-function with a 256-bit state, we describe an efficient distinguishing attack having a 232 data complexity. Furthermore, Hong et al. recently proposed two fully specified stream ciphers, consisting of multi-word T-functions with 128-bit states and filtering functions. We describe distinguishing attacks having a 222 and a 234 data complexity, respectively. The attacks have been implemented.