Cryptanalysis of the F-FCSR stream cipher family

Abstract

This paper focuses on F-FCSR, a new family of stream ciphers proposed by Arnault and Berger at FSE 2005. It uses a non-linear primitive called the Feedback with Carry Shift Register (FCSR) as a building block. Its security relies on some properties of the 2-adic numbers. The F-FCSR family contains several stream ciphers, each of them proposing different features. First, we show a resynchronization attack that breaks algorithms in the family that support initialization vectors. The attack requires at most 2 16 chosen IV's and a little offline processing to recover the full secret key. We have implemented it with success on a standard PC. Secondly, we show a time/memory/data trade-off attack which breaks several algorithms in the F-FCSR family, even when initialization vectors are not supported. Its complexity ranges from 2 64 to 2 80 operations (depending on which algorithm in the family we consider), while the internal state has size 196 bits at least. Therefore this attack is better than generic attacks. © Springer-Verlag Berlin Heidelberg 2006.