## Abstract

This paper presents algebraic attacks on SOBER-t32 and SOBER-t16 without stuttering. For unstuttered SOBER-t32, two different attacks are implemented. In the first attack, we obtain multivariate equations of degree 10. Then, an algebraic attack is developed using a collection of output bits whose relation to the initial state of the LFSR can be described by low-degree equations. The resulting system of equations contains 2^{69} equations and monomials, which can be solved using the Gaussian elimination with the complexity of 2^{196.5}. For the second attack, we build a multivariate equation of degree 14. We focus on the property of the equation that the monomials which are combined with output bit are linear. By applying the Berlekamp-Massey algorithm, we can obtain a system of linear equations and the initial states of the LFSR can be recovered. The complexity of attack is around O(2^{100}) with 2^{92} keystream observations. The second algebraic attack is applicable to SOBER-t16 without stuttering. The attack takes around O(2^{85}) CPU clocks with 2^{78} keystream observations.

Original language | English |
---|---|

Pages (from-to) | 49-64 |

Number of pages | 16 |

Journal | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |

Volume | 3017 |

Publication status | Published - 2004 |