Analysis of the Non-linear Part of Mugi [chapter]

Alex Biryukov, Adi Shamir
2005 Lecture Notes in Computer Science  
This paper presents the results of a preliminary analysis of the stream cipher Mugi. We study the nonlinear component of this cipher and identify several potential weaknesses in its design. While we can not break the full Mugi design, we show that it is extremely sensitive to small variations. For example, it is possible to recover the full 1216-bit state of the cipher and the original 128-bit secret key using just 56 words of known stream and in 2 14 steps of analysis if the cipher outputs any
more » ... state word which is different than the one used in the actual design. If the linear part is eliminated from the design, then the secret nonlinear 192-bit state can be recovered given only three output words and in just 2 32 steps. If it is kept in the design but in a simplified form, then the scheme can be broken by an attack which is slightly faster than exhaustive search.
doi:10.1007/11502760_21 fatcat:nakjuv2esnc3zbujqiohs7v2ry