TY - JOUR
T1 - Theoretical cryptanalysis of the Klimov-Shamir number generator TF-1
AU - Tsaban, Boaz
PY - 2007/7
Y1 - 2007/7
N2 - The internal state of the Klimov-Shamir number generator TF-1 consists of four words of size w bits each, whereas its intended strength is 2 2w. We exploit an asymmetry in its output function to show that the internal state can be recovered after having 2 w outputs, using 2 1.5w operations. For w = 32 the attack is practical, but for their recommended w = 64 it is only of theoretical interest.
AB - The internal state of the Klimov-Shamir number generator TF-1 consists of four words of size w bits each, whereas its intended strength is 2 2w. We exploit an asymmetry in its output function to show that the internal state can be recovered after having 2 w outputs, using 2 1.5w operations. For w = 32 the attack is practical, but for their recommended w = 64 it is only of theoretical interest.
KW - Pseudorandom number generators
KW - T-functions
KW - TF-1
UR - http://www.scopus.com/inward/record.url?scp=34547227247&partnerID=8YFLogxK
U2 - 10.1007/s00145-007-0564-4
DO - 10.1007/s00145-007-0564-4
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
SN - 0933-2790
VL - 20
SP - 389
EP - 392
JO - Journal of Cryptology
JF - Journal of Cryptology
IS - 3
ER -