Cryptanalysis of the class of maximum period galois NLFSR-based stream ciphers

Abstract

Espresso cipher is designed targeting 5G wireless communication systems. To achieve high efficiency, a maximum period Galois NLFSR is used as the only building block. The Galois NLFSR is constructed by a scalable method which converts a maximum LFSR to a Galois NLFSR. Based on this method, a new class of stream ciphers, namely maximum period Galois NLFSR-based stream ciphers can be designed. However, we identify a conditional equivalence problem in the design method and adopt the Type-II-to-Fibonacci transformation algorithm. We apply the algorithm to the Espresso cipher and successfully transform the Galois NLFSR to a Fibonacci LFSR with a nonlinear output function. The Espresso cipher is transformed to an LFSR filter generator. We break it by the fast algebraic attack and the Rønjom-Helleseth attack with complexity of 2 68.50 and 2 48.59 logical operations respectively. Moreover, we show that the entire class of maximum period Galois NLFSR-based stream ciphers can be transformed to LFSRs. Therefore, this kind of cipher is always equivalent to an LFSR filter generator. We discuss other related attacks and give suggestions for future design.