This paper presents the results of a preliminary analysis of the stream cipher MUGI. We study the nonlinear component of this cipher and identify several potential weaknesses in its design. While we can not break the full MUGI design, we show that it is extremely sensitive to small variations. For example, it is possible to recover the full 1216-bit state of the cipher and the original 128-bit secret key using just 56 words of known stream and in 2~(14) steps of analysis if the cipher outputs any state word which is different than the one used in the actual design. If the linear part is eliminated from the design, then the secret nonlinear 192-bit state can be recovered given only three output words and in just 2~(32) steps. If it is kept in the design but in a simplified form, then the scheme can be broken by an attack which is slightly faster than exhaustive search.
展开▼
