Cryptanalyse de Achterbahn-128/80

TL;DR

This paper introduces two new cryptanalytic attacks on the Achterbahn-128/80 stream cipher, significantly reducing the complexity needed to compromise its security by improving previous methods and exploiting short register lengths.

Contribution

The paper presents improved attack algorithms against Achterbahn-128/80, reducing attack complexity and leveraging short register lengths, advancing cryptanalysis of this cipher.

Findings

Attack on Achterbahn-80 with complexity 2^{56.32}

Attack on Achterbahn-128 with 2^{75.4} operations and 2^{61} keystream bits

Based on improvements of Hell and Johansson's attack and exploiting short register lengths

Abstract

This paper presents two attacks against Achterbahn-128/80, the last version of one of the stream cipher proposals in the eSTREAM project. The attack against the 80-bit variant, Achterbahn-80, has complexity 2^{56.32}. The attack against Achterbahn-128 requires 2^{75.4} operations and 2^{61} keystream bits. These attacks are based on an improvement of the attack due to Hell and Johansson against Achterbahn version 2 and also on an algorithm that makes profit of the short lengths of the constituent registers. ***** Ce papier pr\'{e}sente deux attaques sur Achterbahn-128/80, la derni\`{e}re version d'un des algorithmes propos\'{e}s dans le cadre de eSTREAM. L'attaque sur la version de 80 bits, Achterbahn-80, est en 2^{56.32}. L'attaque sur Achterbahn-128 a besoin de 2^{75.4} calculs et 2^{61} bits de suite chiffrante. Ces attaques sont bas\'{e}es sur une am\'{e}lioration de l'attaque propos\'{e}e par Hell et Johansson sur la version 2 d'Achterbahn et aussi sur un algorithme qui tire profit des petites longueurs des registres.