Publication Date:
2012-10-02
Description:
Loiss is a new byte-oriented stream cipher designed in 2010. It takes a 128-bit initial key and a 128-bit initial vector (IV) as inputs, and provides 128-bit-level security claimed by the designers. In this paper, we find a differential characteristic with significant probability over the full initialization of Loiss. Based on this differential characteristic, two differential key recovery attacks on Loiss are proposed. The first attack has a computational complexity of2 123.61 , requiring two related keys, 2 34.16 chosen IVs and 2 39.16 keystream bytes. The second attack is based on the first attack: reducing the computational complexity at the cost of increased data complexity. The second attack has a computational complexity of 2 64 , requiring two related keys, 2 36.26 chosen IVs and 2 41.26 keystream bytes. The result shows that our second attack is much better than a brute force attack, and then Loiss does not provide 128-bit-level security. Furthermore, a new proposal for the initialization of Loiss is proposed. The modified Loiss keeps the basic structure of Loiss and provides enough resistance against our attacks on the original Loiss. Based on our security analysis, we conjecture that no attacks lower than brute force are possible on the modified Loiss stream cipher.
Print ISSN:
0010-4620
Electronic ISSN:
1460-2067
Topics:
Computer Science
