Differential resynchronization attacks on reduced round SNOW 3G ⊕

Abstract

The stream cipher SNOW 3G designed in 2006 by ETSI/SA-GE is a base algorithm for the second set of 3GPP confidentiality and integrity algorithms. In this paper, we investigate the resynchronization security of a close variant of SNOW 3G, in which two modular additions are replaced by xors and which is called SNOW 3G ⊕. It is shown that the feedback from the FSM to the LFSR is crucial for security. Given a pair of known IVs, the cipher without such a feedback is extremely vulnerable to differential known IV attacks with practical complexities (2 57 time and 2 33 keystream). With such a feedback, it is shown that 16 out of 33 initialization rounds can be broken by a differential chosen IV attack. This is the first public evaluation result for this algorithm. © 2012 Springer-Verlag.