TY - JOUR
T1 - Cryptanalysis of the stream cipher LEX
AU - Dunkelman, Orr
AU - Keller, Nathan
N1 - Funding Information: Acknowledgments We would like to express our gratitude to Adi Shamir for his extensive comments and the fruitful discussions. We would also like to thank the anonymous referees for their valuable comments and suggestions. Part of this research was carried out while the first author was with École Normale Supérieure, and was partially supported by the France Telecome Chaire and by the IAP Programme P6/26 BCRYPT of the Belgian State (Belgian Science Policy). The second author was partially supported by the Koshland center for basic research. Part of this research was carried out while the second author was with the Hebrew University, and was partially supported by the Adams Fellowship Program of the Israel Academy of Sciences and Humanities.
PY - 2013/6
Y1 - 2013/6
N2 - Biryukov (The Design of a Stream Cipher LEX, Proceedings of Selected Areas in Cryptography, 2006 Springer, pp 67-75, 2007) presented a new methodology of stream cipher design called leak extraction. The stream cipher LEX, based on this methodology and on the AES block cipher, was selected to round 3 of the eSTREAM competition. The suggested methodology seemed promising, and LEX, due to its elegance, simplicity, and performance, was expected to be selected to the eSTREAM portfolio. In this article we present a key recovery attack on LEX. The attack requires about 240 bytes of key-stream produced by the same key (possibly under many different IVs), and retrieves the secret key in time of about 2100 AES encryptions. Following a preliminary version of our attack, LEX was discarded from the final portfolio of eSTREAM.
AB - Biryukov (The Design of a Stream Cipher LEX, Proceedings of Selected Areas in Cryptography, 2006 Springer, pp 67-75, 2007) presented a new methodology of stream cipher design called leak extraction. The stream cipher LEX, based on this methodology and on the AES block cipher, was selected to round 3 of the eSTREAM competition. The suggested methodology seemed promising, and LEX, due to its elegance, simplicity, and performance, was expected to be selected to the eSTREAM portfolio. In this article we present a key recovery attack on LEX. The attack requires about 240 bytes of key-stream produced by the same key (possibly under many different IVs), and retrieves the secret key in time of about 2100 AES encryptions. Following a preliminary version of our attack, LEX was discarded from the final portfolio of eSTREAM.
KW - AES
KW - LEX
KW - Stream cipher design
UR - http://www.scopus.com/inward/record.url?scp=84876194230&partnerID=8YFLogxK
U2 - 10.1007/s10623-012-9612-7
DO - 10.1007/s10623-012-9612-7
M3 - Article
SN - 0925-1022
VL - 67
SP - 357
EP - 373
JO - Designs, Codes, and Cryptography
JF - Designs, Codes, and Cryptography
IS - 3
ER -