Theoretical Linear Cryptanalysis of the 5G Standard Candidate SNOW 5G

Authors

  • Yinuo Liu Information Engineering University, Zhengzhou, China
  • Jing Yang Information Engineering University, Zhengzhou, China
  • Tian Tian Information Engineering University, Zhengzhou, China

DOI:

https://doi.org/10.46586/tosc.v2024.i2.141-165

Keywords:

SNOW 5G, linear cryptanalysis, linear approximations, divide-and-conquer

Abstract

In this paper, we perform linear cryptanalysis of the stream cipher SNOW 5G, which is recommended by the international standardization group (SAGE) as one standard algorithm for 5G confidentiality and integrity protection over the wireless channel. SNOW 5G can be regarded as one member of the SNOW-V family, as it is modified from SNOW-Vi by SAGE with a slight improvement. As an overall contribution, we provide a comprehensive and elaborate theoretical analysis of linear approximations of SNOW 5G and provide the best public cryptanalysis result by far. Specifically, we first theoretically analyze the formats of linear masks of SNOW5G that can introduce high correlations, and then search for high-quality linear masks using a divide-and-conquer method based on the different cases of a critical intermediate linear mask. We find a linear approximation of SNOW 5G with correlation −2−67.67 and further launch a correlation attack against it with complexity 2279.8, improving the existing best correlation attack by a factor of 232.4. Our results are mainly from theoretical analysis, which involve little computation overhead and help to better understand the security of SNOW 5G.

Downloads

Published

2024-06-18

Issue

Section

Articles

How to Cite

Theoretical Linear Cryptanalysis of the 5G Standard Candidate SNOW 5G. (2024). IACR Transactions on Symmetric Cryptology, 2024(2), 141-165. https://doi.org/10.46586/tosc.v2024.i2.141-165