Trivium (cipher) - Security

Security

Trivium was designed as an exercise in exploring how far a stream cipher can be simplified without sacrificing its security, speed or flexibility. While simple designs are more likely to be vulnerable to simple, and possibly devastating, attacks (which is why we strongly discourage the use of Trivium at this stage), they certainly inspire more confidence than complex schemes if they survive a long period of public scrutiny despite their simplicity.

As of September 2010, no cryptanalytic attacks better than brute force are known, but several attacks come close. The cube attack requires 2^30 steps to break a variant of Trivium in which the number of initialization rounds is reduced to 735; the authors speculate that these techniques could lead to a break for 1100 initialization rounds, or "maybe even the original cipher". This builds on an attack due to Michael Vielhaber that breaks 576 initialization rounds in only 2^12.3 steps.

Another attack recovers the internal state (and thus the key) of the full cipher in around 2^89.5 steps (where each step is roughly the cost of a single trial in exhaustive search). Reduced variants of Trivium using the same design principles have been broken using an equation-solving technique. These attacks improve on the well-known time-space tradeoff attack on stream ciphers, which with Trivium's 288-bit internal state would take 2^144 steps, and show that a variant of Trivium that made no change except to increase the key length beyond the 80 bits mandated by eSTREAM Profile 2 would not be secure.
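To make the reduced-round variants discussed above concrete, here is an added Python implementation of the Trivium keystream generator (not code from this page or from the cipher's designers) with a configurable number of initialization rounds, so the 576-, 735- and 1100-round variants can be instantiated alongside the full cipher, whose specification uses 4 x 288 = 1152 blank clocks. The bit ordering inside bytes (least-significant bit first) is an assumption made here, so output is self-consistent but not checked against published test vectors.

```python
# Added example: Trivium with a configurable number of initialization rounds.
# Bit ordering inside bytes (least-significant bit first) is an assumption.

def _bits(data: bytes) -> list:
    """Unpack bytes into bits, least-significant bit of each byte first."""
    return [(b >> i) & 1 for b in data for i in range(8)]

def _pack(bits: list) -> bytes:
    """Inverse of _bits: eight bits per byte, least-significant bit first."""
    return bytes(sum(bit << i for i, bit in enumerate(bits[k:k + 8]))
                 for k in range(0, len(bits), 8))

class Trivium:
    STATE_BITS = 288          # s1..s288, split into registers of 93, 84 and 111 bits
    INIT_ROUNDS = 4 * 288     # 1152 blank clocks in the original specification

    def __init__(self, key: bytes, iv: bytes, init_rounds: int = INIT_ROUNDS):
        if len(key) != 10 or len(iv) != 10:
            raise ValueError("Trivium uses an 80-bit key and an 80-bit IV")
        # (s1..s93) = (K1..K80, 0..0), (s94..s177) = (IV1..IV80, 0..0),
        # (s178..s288) = (0..0, 1, 1, 1)
        self.s = _bits(key) + [0] * 13 + _bits(iv) + [0] * 4 + [0] * 108 + [1, 1, 1]
        for _ in range(init_rounds):        # key/IV mixing; output is discarded
            self._clock()

    def _clock(self) -> int:
        """One cipher clock: returns the keystream bit and updates the state."""
        s = self.s                          # 0-based: s[i-1] is s_i of the spec
        t1 = s[65] ^ s[92]                  # s66 + s93
        t2 = s[161] ^ s[176]                # s162 + s177
        t3 = s[242] ^ s[287]                # s243 + s288
        z = t1 ^ t2 ^ t3
        t1 ^= (s[90] & s[91]) ^ s[170]      # + s91*s92 + s171
        t2 ^= (s[174] & s[175]) ^ s[263]    # + s175*s176 + s264
        t3 ^= (s[285] & s[286]) ^ s[68]     # + s286*s287 + s69
        self.s = [t3] + s[:92] + [t1] + s[93:176] + [t2] + s[177:287]
        return z

    def keystream(self, nbytes: int) -> bytes:
        return _pack([self._clock() for _ in range(8 * nbytes)])

def trivium_xor(key: bytes, iv: bytes, data: bytes,
                init_rounds: int = Trivium.INIT_ROUNDS) -> bytes:
    """Encrypt or decrypt (same operation) by XORing data with the keystream."""
    ks = Trivium(key, iv, init_rounds).keystream(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))
```

Passing `init_rounds=576` or `init_rounds=735` yields the reduced-round variants the attacks above target; with zero initialization rounds the first keystream bits come directly from the three constant ones loaded at s286..s288, which is why such variants are so much weaker than the fully mixed cipher.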

A detailed justification of the design of Trivium is given in.