New cube distinguishers on NFSR-based stream ciphers

Abstract

In this paper, we revisit the work of Sarkar et al. (Des Codes Cryptogr 82(1–2):351–375, 2017) and Liu (Advances in cryptology—Crypto 2017, 2017) and show how both of their ideas can be tuned to find good cubes. Here we propose a new algorithm for cube generation which improves existing results on Zero- Sum distinguisher. We apply our new cube finding algorithm to three different nonlinear feedback shift register (NFSR) based stream ciphers Trivium, Kreyvium and ACORN. From the results, we can see a cube of size 39, which gives Zero- Sum for maximum 842 rounds and a significant non-randomness up to 850 rounds of Trivium. We provide some small size good cubes for Trivium, which outperform existing ones. We further investigate Kreyvium and ACORN by a similar technique and obtain cubes of size 56 and 92 which give Zero- Sum distinguisher till 875 and 738 initialization rounds of Kreyvium and ACORN respectively. To the best of our knowledge, these results are best results as compared to the existing results on distinguishing attacks of these ciphers. We also provide a table of good cubes of sizes varying from 10 to 40 for these three ciphers.