Sciweavers

WEWORC
2007

Cryptanalysis of Achterbahn-128/80 with a New Keystream Limitation

14 years 1 months ago
Cryptanalysis of Achterbahn-128/80 with a New Keystream Limitation
This paper presents two key-recovery attacks against the last modication to Achterbahn-128/80 proposed by the authors at SASC 2007 due to the previous attacks. The 80-bit variant, Achterbahn-80, has been limited to produce at most 252 bits of keystream with the same pair of key and IV, while Achterbahn-128 is limited to 256 . The attack against Achterbahn-80 has complexity 267 and needs fewer than 252 bits of keystream, and the one against Achterbahn-128 has complexity 2104 and needs fewer than 256 keystream bits. These attacks are based on the previous ones. The attack against Achterbahn-80 uses a new idea which provides a trade-o between the keystream length and the computational complexity when decimating.
María Naya-Plasencia
Added 07 Nov 2010
Updated 07 Nov 2010
Type Conference
Year 2007
Where WEWORC
Authors María Naya-Plasencia
Comments (0)