Trivium (cipher) - Security

Security

was designed as an exercise in exploring how far a stream cipher can be simplified without sacrificing its security, speed or flexibility. While simple designs are more likely to be vulnerable to simple, and possibly devastating, attacks (which is why we strongly discourage the use of Trivium at this stage), they certainly inspire more confidence than complex schemes, if they survive a long period of public scrutiny despite their simplicity.

As of September 2010, no cryptanalytic attacks better than brute force attack are known, but several attacks come close. The cube attack requires 230 steps to break a variant of Trivium where the number of initialization rounds is reduced to 735; the authors speculate that these techniques could lead to a break for 1100 initialisation rounds, or "maybe even the original cipher". This builds on an attack due to Michael Vielhaber that breaks 576 initialization rounds in only 212.3 steps.

Another attack recovers the internal state (and thus the key) of the full cipher in around 289.5 steps (where each step is roughly the cost of a single trial in exhaustive search). Reduced variants of Trivium using the same design principles have been broken using an equation-solving technique. These attacks improve on the well-known time-space tradeoff attack on stream ciphers, which with Trivium's 288-bit internal state would take 2144 steps, and show that a variant on Trivium which made no change except to increase the key length beyond the 80 bits mandated by eSTREAM Profile 2 would not be secure.

A detailed justification of the design of Trivium is given in.

Read more about this topic:  Trivium (cipher)

Famous quotes containing the word security:

    There is one safeguard known generally to the wise, which is an advantage and security to all, but especially to democracies as against despots. What is it? Distrust.
    Demosthenes (c. 384–322 B.C.)

    Is a Bill of Rights a security for [religious liberty]? If there were but one sect in America, a Bill of Rights would be a small protection for liberty.... Freedom derives from a multiplicity of sects, which pervade America, and which is the best and only security for religious liberty in any society. For where there is such a variety of sects, there cannot be a majority of any one sect to oppress and persecute the rest.
    James Madison (1751–1836)

    It is hard for those who have never known persecution,
    And who have never known a Christian,
    To believe these tales of Christian persecution.
    It is hard for those who live near a Bank
    To doubt the security of their money.
    —T.S. (Thomas Stearns)