Patrik Ekdahl

A New Version of the Stream Cipher SNOW

In 2000, the stream cipher SNOW was proposed. A few attacks followed, indicating certain weaknesses in the design. In this paper we propose a new version of SNOW, called SNOW 2.0. The new version of the cipher does not only appear to be more secure, but its implementation is also a bit faster in software.

Distinguishing Attacks on SOBER-t16 and t32

Two ways of mounting distinguishing attacks on two similar stream ciphers, SOBER-t16 and SOBER-t32, are proposed. It results in distinguishing attacks faster than exhaustive key search on full SOBER- t16 and on SOBER-t32 without stuttering.

Another attack on A5/1

A5/1 is a stream cipher used in the GSM system. Several time-memory trade-off attacks against A5/1 have been proposed previously. This paper presents a completely different attack, based on ideas from correlation attacks.

A note on the selfshrinking generator

This paper shows that certain weak feedback polynomials allow very efficient distinguishing attacks on the selfshrinking generator. This gives a new improved attack if the generator uses a secret feedback polynomial.

Another attack on A5/1 [GSM stream cipher]

A5/1 is a stream cipher used in the GSM system. Several time-memory trade-off attacks against A5/1 have been proposed previously. This paper presents a completely different attack, based on ideas from correlation attacks.

Incremental Authentication of Tree-Structured Documents

A new message authentication code (MAC) is described that exploits the tree structure present in many modern document formats, e.g. SGML and XML. The new code supports incremental updating of the cryptographic checksum in the process of making incremental changes to the document. Theoretical bounds on the probability of a successful substitution attack are derived. Through experimental results we demonstrate that for randomly chosen messages the success probability of such an attack will be smaller and is easily identified.