Differential attacks against stream cipher ZUC

Hongjun Wu*, Tao Huang, Phuong Ha Nguyen, Huaxiong Wang, San Ling

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding (Chapter)

19 Citations (Scopus)

Abstract

Stream cipher ZUC is the core component in the 3GPP confidentiality and integrity algorithms 128-EEA3 and 128-EIA3. In this paper, we present the details of our differential attacks against ZUC 1.4. The vulnerability in ZUC 1.4 is due to the non-injective property of the initialization, which allows a difference in the initialization vector to be cancelled. In the first attack, a difference is injected into the first byte of the initialization vector, and one out of 2^15.4 random keys results in two identical keystreams after testing 2^13.3 IV pairs for each key. Identical keystreams pose a serious threat to the use of ZUC 1.4 in applications, since the situation is similar to reusing a key in a one-time pad. Once identical keystreams are detected, the key can be recovered with average complexity 2^99.4. In the second attack, a difference is injected into the second byte of the initialization vector, and every key can result in two identical keystreams with about 2^54 IVs. Once identical keystreams are detected, the key can be recovered with complexity 2^67. We have presented a method to fix the flaw by updating the LFSR in an injective way during initialization. Our suggested method is used in the later versions of ZUC. The latest ZUC 1.6 is secure against our attacks.

Original language: English
Title of host publication: Advances in Cryptology – ASIACRYPT 2012
Subtitle of host publication: 18th International Conference on the Theory and Application of Cryptology and Information Security, Beijing, China, December 2-6, 2012. Proceedings
Editors: Xiaoyun Wang, Kazue Sako
Place of Publication: Berlin
Publisher: Springer, Springer Nature
Pages: 262-277
Number of pages: 16
ISBN (Electronic): 9783642349614
ISBN (Print): 9783642349607
DOIs
Publication status: Published - 2012
Event: 18th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2012 - Beijing, China
Duration: 2 Dec 2012 to 6 Dec 2012

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7658 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 18th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2012
Country: China
City: Beijing
Period: 2/12/12 to 6/12/12
