Distinguishing attack on SOBER-128 with linear masking

Joo Yeon Cho; Josef Pieprzyk

Distinguishing attack on SOBER-128 with linear masking

Joo Yeon Cho^*, Josef Pieprzyk

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

6 Citations (Scopus)

Abstract

We present a distinguishing attack against SOBER-128 with linear masking. We found a linear approximation which has a bias of 2^-8.8 for the non-linear filter. The attack applies the observation made by Ekdahl and Johansson that there is a sequence of clocks for which the linear combination of some states vanishes. This linear dependency allows that the linear masking method can be applied. We also show that the bias of the distinguisher can be improved (or estimated more precisely) by considering quadratic terms of the approximation. The probability bias of the quadratic approximation used in the distinguisher is estimated to be equal to O(2^-51.8), so that we claim that SOBER-128 is distinguishable from truly random cipher by observing O(2^103.6) keystream words.

Original language	English
Title of host publication	Information Security and Privacy
Subtitle of host publication	11th Australasian Conference, ACISP 2006, Melbourne, Australia, July 3-5, 2006, Proceedings
Editors	Lynn Margaret Batten, Reihaneh Safavi-Naini
Place of Publication	Berlin; Heidelberg
Publisher	Springer, Springer Nature
Pages	29-39
Number of pages	11
ISBN (Electronic)	9783540354598
ISBN (Print)	3540354581, 9783540354581
Publication status	Published - 2006
Event	11th Australasian Conference on Information Security and Privacy, ACISP 2006 - Melbourne, Australia Duration: 3 Jul 2006 → 5 Jul 2006

Publication series

Name	Lecture Notes in Computer Science
Volume	4058
ISSN (Print)	0302-9743
ISSN (Electronic)	16113-349

Other

Other	11th Australasian Conference on Information Security and Privacy, ACISP 2006
Country/Territory	Australia
City	Melbourne
Period	3/07/06 → 5/07/06

Cite this

Cho, Joo Yeon ; Pieprzyk, Josef. / Distinguishing attack on SOBER-128 with linear masking. Information Security and Privacy: 11th Australasian Conference, ACISP 2006, Melbourne, Australia, July 3-5, 2006, Proceedings. editor / Lynn Margaret Batten ; Reihaneh Safavi-Naini. Berlin; Heidelberg : Springer, Springer Nature, 2006. pp. 29-39 (Lecture Notes in Computer Science).

@inproceedings{47e3ba61ac6149bc82dc1a70b06cb907,

title = "Distinguishing attack on SOBER-128 with linear masking",

abstract = "We present a distinguishing attack against SOBER-128 with linear masking. We found a linear approximation which has a bias of 2-8.8 for the non-linear filter. The attack applies the observation made by Ekdahl and Johansson that there is a sequence of clocks for which the linear combination of some states vanishes. This linear dependency allows that the linear masking method can be applied. We also show that the bias of the distinguisher can be improved (or estimated more precisely) by considering quadratic terms of the approximation. The probability bias of the quadratic approximation used in the distinguisher is estimated to be equal to O(2-51.8), so that we claim that SOBER-128 is distinguishable from truly random cipher by observing O(2103.6) keystream words.",

author = "Cho, {Joo Yeon} and Josef Pieprzyk",

year = "2006",

language = "English",

isbn = "3540354581",

series = "Lecture Notes in Computer Science",

publisher = "Springer, Springer Nature",

pages = "29--39",

editor = "Batten, {Lynn Margaret} and Reihaneh Safavi-Naini",

booktitle = "Information Security and Privacy",

address = "United States",

note = "11th Australasian Conference on Information Security and Privacy, ACISP 2006 ; Conference date: 03-07-2006 Through 05-07-2006",

}

Cho, JY & Pieprzyk, J 2006, Distinguishing attack on SOBER-128 with linear masking. in LM Batten & R Safavi-Naini (eds), Information Security and Privacy: 11th Australasian Conference, ACISP 2006, Melbourne, Australia, July 3-5, 2006, Proceedings. Lecture Notes in Computer Science, vol. 4058, Springer, Springer Nature, Berlin; Heidelberg, pp. 29-39, 11th Australasian Conference on Information Security and Privacy, ACISP 2006, Melbourne, Australia, 3/07/06.

Distinguishing attack on SOBER-128 with linear masking. / Cho, Joo Yeon; Pieprzyk, Josef.

Information Security and Privacy: 11th Australasian Conference, ACISP 2006, Melbourne, Australia, July 3-5, 2006, Proceedings. ed. / Lynn Margaret Batten; Reihaneh Safavi-Naini. Berlin; Heidelberg : Springer, Springer Nature, 2006. p. 29-39 (Lecture Notes in Computer Science; Vol. 4058).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - Distinguishing attack on SOBER-128 with linear masking

AU - Cho, Joo Yeon

AU - Pieprzyk, Josef

PY - 2006

Y1 - 2006

N2 - We present a distinguishing attack against SOBER-128 with linear masking. We found a linear approximation which has a bias of 2-8.8 for the non-linear filter. The attack applies the observation made by Ekdahl and Johansson that there is a sequence of clocks for which the linear combination of some states vanishes. This linear dependency allows that the linear masking method can be applied. We also show that the bias of the distinguisher can be improved (or estimated more precisely) by considering quadratic terms of the approximation. The probability bias of the quadratic approximation used in the distinguisher is estimated to be equal to O(2-51.8), so that we claim that SOBER-128 is distinguishable from truly random cipher by observing O(2103.6) keystream words.

AB - We present a distinguishing attack against SOBER-128 with linear masking. We found a linear approximation which has a bias of 2-8.8 for the non-linear filter. The attack applies the observation made by Ekdahl and Johansson that there is a sequence of clocks for which the linear combination of some states vanishes. This linear dependency allows that the linear masking method can be applied. We also show that the bias of the distinguisher can be improved (or estimated more precisely) by considering quadratic terms of the approximation. The probability bias of the quadratic approximation used in the distinguisher is estimated to be equal to O(2-51.8), so that we claim that SOBER-128 is distinguishable from truly random cipher by observing O(2103.6) keystream words.

UR - http://www.scopus.com/inward/record.url?scp=33746379927&partnerID=8YFLogxK

M3 - Conference proceeding contribution

AN - SCOPUS:33746379927

SN - 3540354581

SN - 9783540354581

T3 - Lecture Notes in Computer Science

SP - 29

EP - 39

BT - Information Security and Privacy

A2 - Batten, Lynn Margaret

A2 - Safavi-Naini, Reihaneh

PB - Springer, Springer Nature

CY - Berlin; Heidelberg

T2 - 11th Australasian Conference on Information Security and Privacy, ACISP 2006

Y2 - 3 July 2006 through 5 July 2006

ER -

Distinguishing attack on SOBER-128 with linear masking

Abstract

Publication series

Other

Other files and links

Fingerprint

Cite this