Theoretical cryptanalysis of the Klimov-Shamir number generator TF-1
classification
💻 cs.CR
cs.CC
keywords
generatorinternalklimov-shamirnumberstatetf-1theoreticalasymmetry
read the original abstract
The internal state of the Klimov-Shamir number generator TF-1 consists of four words of size w bits each, whereas its intended strength is 2^{2w}. We exploit an asymmetry in its output function to show that the internal state can be recovered after having 2^w outputs, using 2^{1.5w} operations. For w=32 the attack is practical, but for their recommended w=64 it is only of theoretical interest.
This paper has not been read by Pith yet.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.