New Results of Related-key Attacks on All Py-Family of Stream Ciphers

The stream cipher tpypy has been designed by biham and seberry in january 2007 as the strongest member of the py-family of stream ciphers. at indocrypt 2007, sekar, paul and preneel showed related-key weaknesses in the py-family of stream ciphers including the strongest member tpypy. furthermore, they modified the stream ciphers tpypy and tpy to generate two fast ciphers, namely rcr-32 and rcr-64, in an attempt to rule out all the attacks against the py-family of stream ciphers. so far there exists no attack on rcr-32 and rcr-64.in this paper, we show that the related-key weaknesses can be still used to construct related-key distinguishing attacks on all py-family of stream ciphers including the modified versions rcr- 32 and rcr-64. under related keys, we show distinguishing attacks on rcr-32 and rcr-64 with data complexity 2139.3 and advantage greater than 0.5. we also show that the data complexity of the distinguishing attacks on py-family of stream ciphers proposed by sekar et al. can be reduced from 2193.7 to 2149.3 . these results constitute the best attacks on the strongest members of the py-family of stream ciphers tpypy, rcr-32 and rcr-64. by modifying the key setup algorithm, we propose two new stream ciphers trcr-32 and trcr-64 which are derived from rcr-32 and rcr-64 respectively. based on our security analysis, we conjecture that no attacks lower than brute force are possible on trcr-32 and trcr-64 stream ciphers.