Theoretical cryptanalysis of the Klimov-Shamir number generator TF-1

Research output: Contribution to journalArticlepeer-review

1 Scopus citations

Abstract

The internal state of the Klimov-Shamir number generator TF-1 consists of four words of size w bits each, whereas its intended strength is 2 2w. We exploit an asymmetry in its output function to show that the internal state can be recovered after having 2 w outputs, using 2 1.5w operations. For w = 32 the attack is practical, but for their recommended w = 64 it is only of theoretical interest.

Original languageEnglish
Pages (from-to)389-392
Number of pages4
JournalJournal of Cryptology
Volume20
Issue number3
DOIs
StatePublished - Jul 2007

Keywords

  • Pseudorandom number generators
  • T-functions
  • TF-1

Fingerprint

Dive into the research topics of 'Theoretical cryptanalysis of the Klimov-Shamir number generator TF-1'. Together they form a unique fingerprint.

Cite this