Jump to content

SOBER

From Wikipedia, the free encyclopedia
(Redirected from SOBER-t32)

In cryptography, SOBER is a family of stream ciphers initially designed by Greg Rose of QUALCOMM Australia starting in 1997. The name is a contrived acronym for Seventeen Octet Byte Enabled Register. Initially the cipher was intended as a replacement for broken ciphers in cellular telephony. The ciphers evolved, and other developers (primarily Phillip Hawkes) joined the project.

SOBER was the first cipher, with a 17-byte linear-feedback shift register (LFSR), a form of decimation called stuttering, and a nonlinear output filter function. The particular configuration of the shift register turned out to be vulnerable to "guess and determine" attacks.

SOBER-2 changed the position of the feedback and output taps to resist the above attacks.

S16 was an expansion to 16-bit words rather than bytes, with an expected increase of security.

Adaptions for and since NESSIE

[edit]

For the NESSIE call for new cryptographic primitives, three new versions called the t-class were developed; SOBER-t8 was virtually identical to SOBER-2 but did not have sufficient design strength for NESSIE submission; SOBER-t16 and SOBER-t32 were submitted. t32 was a further expansion to 32-bit words, while both ciphers had a more efficient method of computing the linear feedback.

Subsequent to NESSIE, SOBER-128 was designed to take into account what had been learned. The stuttering was dropped because it added too little strength for the overhead, and the nonlinear output function was strengthened. As a stream cipher, SOBER-128 remains unbroken. The message authentication capability that was added at the same time was trivially broken.

Mundja
An integrated message authentication feature based on SHA-256 that was designed to be added to stream ciphers such as SOBER-128.
Turing
Named after Alan Turing, shares the LFSR design of SOBER-128, but has a block-cipher-like output filter function with key-dependent S-boxes, and remains unbroken subject to a minor usage constraint.
NLS
Short for Non-Linear SOBER, it was submitted to the European eSTREAM project. It uses nonlinearity for the shift register, and simplifies the output filter for increased performance, using Mundja for message authentication. SSS, for Self-Synchronizing SOBER, was also submitted but has very little relationship to the other SOBER ciphers, and was quickly broken.
Shannon
Named after Claude Shannon, shortens the register to 16 32-bit words, and has completely new feedback and output filter tap positions. It incorporates a new and more efficient message authentication mechanism.
Boole
Named after George Boole,[1] is a family of combined hash functions and stream ciphers that were developed for submission to the NIST call for development of an advanced hash standard, but were withdrawn[2] when a collision was discovered.[3]

References

[edit]
  1. ^ http://seer-grog.net/BoolePaper.pdf [bare URL PDF]
  2. ^ "Archived copy" (PDF). Archived from the original (PDF) on 2009-07-13. Retrieved 2009-10-26.{{cite web}}: CS1 maint: archived copy as title (link)
  3. ^ http://ehash.iaik.tugraz.at/uploads/0/0b/BooleCollision.txt [bare URL plain text file]
[edit]