Cryptanalysis of Loiss stream cipher -- revisited (Q2336433)

Summary: Loiss is a novel byte-oriented stream cipher proposed in [\textit{D. Feng} et al., Lect. Notes Comput. Sci. 6639, 109--125 (2011; Zbl 1272.94029)]. In this paper, based on solving systems of linear equations, we propose an improved Guess and Determine attack on Loiss with a time complexity of \(2^{231}\) and a data complexity of \(2^{68}\), which reduces the time complexity of the Guess and Determine attack proposed by the designers by a factor of \(2^{16}\). Furthermore, a related key chosen \textit{IV} attack on a scaled-down version of Loiss is presented. The attack recovers the 128-bit secret key of the scaled-down Loiss with a time complexity of \(2^{80}\), requiring \(2^{64}\) chosen \textit{IV}s. The related key attack is minimal in the sense that it only requires one related key. The result shows that our key recovery attack on the scaled-down Loiss is much better than an exhaustive key search in the related key setting.