
Loiss: a byte-oriented stream cipher. (English) Zbl 1272.94029
Chee, Yeow Meng (ed.) et al., Coding and cryptology. Third international workshop, IWCC 2011, Qingdao, China, May 30 – June 3, 2011. Proceedings. Berlin: Springer (ISBN 978-3-642-20900-0/pbk). Lecture Notes in Computer Science 6639, 109-125 (2011).
Summary: This paper presents a byte-oriented stream cipher, Loiss, which takes a 128-bit initial key and a 128-bit initial vector as inputs and outputs a keystream in bytes. The algorithm is based on a linear feedback shift register and uses a structure called BOMM in the filter generator, which has good properties for resisting algebraic attacks, linear distinguishing attacks and fast correlation attacks. In order for the BOMM to be balanced, the S-boxes in the BOMM must be orthomorphic permutations. To further improve resistance to those attacks, the S-boxes in the BOMM must also possess good cryptographic properties, for example high algebraic immunity, high nonlinearity, and so on. However, current research on orthomorphic permutations pays little attention to their cryptographic properties, and we believe that the proposal of Loiss will enrich the application of orthomorphic permutations in cryptography and also motivate research on a variety of cryptographic properties of orthomorphic permutations.
For the entire collection see [Zbl 1214.94002].
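The orthomorphic-permutation requirement stated in the summary, worked as an added example (not code from the Loiss paper): an 8-bit S-box S is an orthomorphism when both S and x ↦ S(x) ⊕ x are permutations of the byte values, which is assumed here to be the sense in which the summary calls the BOMM balanced. The multiplication-by-constant S-box over GF(2^8) and the modulus 0x11B are constructed for illustration and are not Loiss's own S-boxes.

```python
# Added example (not from the Loiss paper): testing whether an 8-bit S-box is an
# orthomorphic permutation. S is an orthomorphism of GF(2)^8 iff both
# x -> S(x) and x -> S(x) XOR x are bijections on 0..255.

def gf256_mul(a: int, b: int, poly: int = 0x11B) -> int:
    """Multiply in GF(2^8) modulo x^8+x^4+x^3+x+1 (0x11B, the AES polynomial)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= poly
        b >>= 1
    return r

def is_permutation(table) -> bool:
    """True iff the table is a bijection on the byte values 0..255."""
    return len(table) == 256 and sorted(table) == list(range(256))

def is_orthomorphic(sbox) -> bool:
    """True iff sbox and x -> sbox[x] ^ x are both permutations of 0..255."""
    if not is_permutation(sbox):
        return False
    return is_permutation([sbox[x] ^ x for x in range(256)])

def balance_profile(sbox) -> int:
    """Number of distinct values taken by x -> sbox[x] ^ x; 256 means balanced."""
    return len({sbox[x] ^ x for x in range(256)})

def fixed_points(sbox):
    """Inputs with sbox[x] == x; an orthomorphism has exactly one, since
    x -> sbox[x] ^ x is a permutation and therefore hits 0 exactly once."""
    return [x for x in range(256) if sbox[x] == x]

# Constructed orthomorphism: multiplication by a constant c in GF(2^8), c not in {0, 1}.
# Then S(x) ^ x = x * (c ^ 1) is again multiplication by a nonzero constant, so it is
# a permutation. (This is a linear S-box: fine for the test, not a cipher-grade choice.)
MUL_BY_3 = [gf256_mul(x, 0x03) for x in range(256)]

# The identity is a permutation but S(x) ^ x == 0 for every x: maximally unbalanced.
IDENTITY = list(range(256))

if __name__ == "__main__":
    print("mul-by-3 orthomorphic:", is_orthomorphic(MUL_BY_3), fixed_points(MUL_BY_3))
    print("identity orthomorphic:", is_orthomorphic(IDENTITY), balance_profile(IDENTITY))
```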

94A60 Cryptography