Cryptanalysis of TWOPRIME

Ding et al. [DNRS97] propose a stream generator based on several layers. The linear combination step allows us to recover half the key with minimal effort. Next, we show that the various bytes are insufficiently mixed by these layers, enabling an attack similar to those on two-loop Vigenere ciphers to recover the remainder of the key. Combining these techniques lets us recover the entire TWOPRIME key. We require the generator to produce 233 blocks 235 bytes), or 19 hours worth of output, of which we examine about one million blocks (223 bytes); the computational workload can be estimated at 228 operations. Another set of attacks trades off texts for time, reducing the amount of known plaintext needed to just eight blocks (64 bytes), while needing 232 time and 232 space. We also show how to break two variants of TWOPRIME presented in the original paper.

Click Here to download this article

Share this article

Receive all the latest articles by email!

Get all articles delivered directly to your mailbox as and when they are released on WindowSecurity.com! Choose between receiving instant updates with the Real-Time Article Update, or a monthly summary with the Monthly Article Update.



Receive all the latest articles by email!

Receive Real-Time & Monthly WindowSecurity.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowSecurity.com member!

Discuss your security issues with thousands of other network security experts. Click here to join!

Community Area

Log in | Register

Solution Center

Readers' Choice

Which is your preferred Email Anti Virus solution?