{"id":95214,"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00095214","sets":["581:7002:7265"]},"path":["7265"],"owner":"11","recid":"95214","title":["Slide Property of RAKAPOSHI and Its Application to Key Recovery Attack"],"pubdate":{"attribute_name":"公開日","attribute_value":"2013-09-15"},"_buckets":{"deposit":"7ca2cfb1-27f4-427d-b363-5315b1bc26db"},"_deposit":{"id":"95214","pid":{"type":"depid","value":"95214","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"Slide Property of RAKAPOSHI and Its Application to Key Recovery Attack","author_link":["358607","358608","358605","358606","358610","358609"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Slide Property of RAKAPOSHI and Its Application to Key Recovery Attack"},{"subitem_title":"Slide Property of RAKAPOSHI and Its Application to Key Recovery Attack","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集：未来を切り開くコンピュータセキュリティ技術] stream cipher, slide attack, related-key attack, RAKAPOSHI, initialization process, partial slide pair","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2013-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"Kobe University"},{"subitem_text_value":"Hiroshima University"},{"subitem_text_value":"Kobe University"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Hiroshima University","subitem_text_language":"en"},{"subitem_text_value":"Kobe University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"eng"}]},"publish_status":"0","weko_shared_id":11,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/95214/files/IPSJ-JNL5409005.pdf","label":"IPSJ-JNL5409005"},"date":[{"dateType":"Available","dateValue":"2015-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5409005.pdf","filesize":[{"value":"339.0 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"7ad33f8d-2469-4c75-896f-571595862b98","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2013 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takanori, Isobe"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Toshihiro, Ohigashi"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masakatu, Morii"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Takanori, Isobe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Toshihiro, Ohigashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masakatu, Morii","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"This paper gives a first security evaluation of a lightweight stream cipher RAKAPOSHI. In particular, we analyze a slide property of RAKAPOSHI such that two different Key-IV pairs generate the same keystream but n-bit shifted. To begin with, we demonstrate that any Key-IV pair has a corresponding slide Key-IV pair that generates an n-bit shifted keystream with a probability of 2-2n. In order to experimentally support our results, some examples of such pairs are given. Then, we show that this property is able to be converted into key recovery attacks on RAKAPOSHI. In the related-key setting, our attack based on the slide property can recover a 128-bit key with a time complexity of 241 and 238 chosen IVs. Moreover, by using a variant of slide property called partial slide pair, this attack is further improved, and then a 128-bit key can be recovered with a time complexity of 233 and 230 chosen IVs. Finally, we present a method for speeding up the brute force attack by a factor of 2 in the single key setting.\n\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.21(2013) No.4 (online)\nDOI http://dx.doi.org/10.2197/ipsjjip.21.599\n------------------------------","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"This paper gives a first security evaluation of a lightweight stream cipher RAKAPOSHI. In particular, we analyze a slide property of RAKAPOSHI such that two different Key-IV pairs generate the same keystream but n-bit shifted. To begin with, we demonstrate that any Key-IV pair has a corresponding slide Key-IV pair that generates an n-bit shifted keystream with a probability of 2-2n. In order to experimentally support our results, some examples of such pairs are given. Then, we show that this property is able to be converted into key recovery attacks on RAKAPOSHI. In the related-key setting, our attack based on the slide property can recover a 128-bit key with a time complexity of 241 and 238 chosen IVs. Moreover, by using a variant of slide property called partial slide pair, this attack is further improved, and then a 128-bit key can be recovered with a time complexity of 233 and 230 chosen IVs. Finally, we present a method for speeding up the brute force attack by a factor of 2 in the single key setting.\n\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.21(2013) No.4 (online)\nDOI http://dx.doi.org/10.2197/ipsjjip.21.599\n------------------------------","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicIssueDates":{"bibliographicIssueDate":"2013-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"54"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"updated":"2025-01-20T06:47:42.453985+00:00","created":"2025-01-18T23:42:21.850808+00:00","links":{}}