Treatment of the Initial Value in Time-Memory- Data Tradeoff Attacks on Stream Ciphers

ORR DUNKELMAN, Nathan Keller

Research output: Contribution to conferencePaperpeer-review


Time-Memory Tradeoff (TMTO) attacks on stream ciphers
are a serious security threat and the resistance to this class of attacks is
an important criterion in the design of a modern stream cipher. TMTO
attacks are especially effective against stream ciphers where a variant of
the TMTO attack can make use of multiple data to reduce the off-line
and the on-line time complexities of the attack (given a fixed amount of
In this paper we present a new approach to TMTO attacks against stream
ciphers using a publicly known initial value (IV):We suggest not to treat
the IV as part of the secret key material (as done in current attacks),
but rather to choose in advance some IVs and apply a TMTO attack
to streams produced using these IVs. We show that while the obtained
tradeoff curve is identical to the curve obtained by the current approach,
the new technique allows to mount the TMTO attack in a larger variety
of settings. For example, if both the secret key and the IV are of length n,
it is possible to mount an attack with data, time, and memory complex-
ities of 24n/5, while in the current approach, either the time complexity
or the memory complexity is not less than 2n.
Original languageEnglish
Number of pages10
StatePublished - 2008
Externally publishedYes

Bibliographical note

State of the Art in Stream Ciphers 2008, Lausanne


Dive into the research topics of 'Treatment of the Initial Value in Time-Memory- Data Tradeoff Attacks on Stream Ciphers'. Together they form a unique fingerprint.

Cite this