Impossible Differential Cryptanalysis on DVB-CSA

• Kai Zhang,
• Jie Guan,
• Bin Hu,

Vol. 10, No. 4, April 29, 2016
10.3837/tiis.2016.04.027, Download Paper (Free):

• hybrid symmetric cipher
• Impossible Differential Cryptanalysis
• DVB-CSA

Abstract

The Digital Video Broadcasting-Common Scrambling Algorithm is an ETSI-designated algorithm designed for protecting MPEG-2 signal streams, and it is universally used. Its structure is a typical hybrid symmetric cipher which contains stream part and block part within a symmetric cipher, although the entropy is 64 bits, there haven’t any effective cryptanalytic results up to now. This paper studies the security level of CSA against impossible differential cryptanalysis, a 20-round impossible differential for the block cipher part is proposed and a flaw in the cipher structure is revealed. When we attack the block cipher part alone, to recover 16 bits of the initial key, the data complexity of the attack is O(244.5), computational complexity is O(222.7) and memory complexity is O(210.5) when we attack CSA-BC reduced to 21 rounds. According to the structure flaw, an attack on CSA with block cipher part reduced to 21 rounds is proposed, the computational complexity is O(221.7), data complexity is O(243.5) and memory complexity is O(210.5), we can recover 8 bits of the key accordingly. Taking both the block cipher part and stream cipher part of CSA into consideration, it is currently the best result on CSA which is accessible as far as we know.

Statistics

Cite this article