流密码Trivium算法是欧洲密码工程eSTREAM的7个最终获选算法之一.该文针对初始化为288轮的简化版Trivium算法进行了线性分析,更正了Turan等人给出的关于密钥、初始化向量和密钥流比特的表达式,并给出了当允许选取特殊的密钥和Ⅳ时,搜索最佳线性逼近式的算法.据此算法,找到了3个线性偏差为2-25的线性逼近式,改进了Turan等人给出的线性偏差为2-31的线性分析结果.%Stream cipher Trivium is one of the seven finalists of the eSTREAM project. In this paper, we apply linear cryptanalysis to the simplified Trivium with the initialization of 288 rounds. The equation, which involves the key bits, initial vector bits and the first keystream bit in linear approximations for 288-round Trivium of Turan, is corrected. In addition, when special Key bits and IV bits are allowed to be chosen, the algorithm to search the linear approximations with the biggest linear bias is presented. Based on this algorithm, 3 linear approximations with the same linear bias 2-25are found, which is better than Turan's 2-31.
展开▼
