Heuristic guess-and-determine attacks on stream ciphers

Guess-and-determine (GD) attacks are general attacks on stream ciphers, which have often been implemented in an ad hoc manner. The authors introduce a heuristic approach to the design of GD attacks, that is a dynamic programming method using a Viterbi-like algorithm which is a well-known decoding algorithm for convolutional codes. The authors also show that with this method, the resulting GD attacks, named heuristic GD (HGD) attacks, on TIPSY, SNOW1 and SNOW2 lead to less computational complexity than the previously known GD attacks. The main advantage of HGD attacks, over ad hoc GD attacks, is that while being powerful, they can be designed algorithmically for classes of stream ciphers, holding a certain condition. Using this method, the authors examine the resistance of SOSEMANUK, a word-oriented stream cipher proposed for the encrypt stream cipher project. The complexity of the designed GD attack, O(2²²⁴), is much less than the complexity of exhaustive search attack on the internal state, O(2³⁸⁴), but larger than the claimed security level, that is O(2¹²⁸).