Py (cipher)

From Wikipedia, the free encyclopedia

Py is a stream cipher submitted to eSTREAM by Eli Biham and Jennifer Seberry. It is one of the fastest eSTREAM candidates at around 2.6 cycles per byte on some platforms. It has a structure a little like RC4, but adds an array of 260 32-bit words which are indexed using a permutation of bytes, and produces 64 bits in each round.

As of 2006, the best cryptanalytic attack on Py (by Hongjun Wu and Bart Preneel) can under some circumstances (eg where the IV is much longer than the key) recover the key given partial keystreams for 2²⁴ chosen IVs [1].

Given only known plaintext, there is also a distinguishing attack on the keystream (by Paul Crowley) which requires around 2⁷² bytes of output and comparable time. This is an improvement on an attack presented by Gautham Sekar, Souradyuti Paul and Bart Preneel which requires 2⁸⁸ bytes. There is a still a debate whether these attacks constitute an academic break of Py. When the attackers claim that the above attacks can be built with workload less than the exhaustive search under the design specifications of Py and therefore, it is clearly a theoretical break of the cipher, the designers rule out the attacks because Py's security bounds limit any attacker to a total of 2⁶⁴ bytes of output across all keystreams everywhere. A recent revision of the Paul, Preneel, and Sekar paper includes a detailed discussion of this issue in section 9. There are no doubts about the legitimacy of the Wu and Preneel attack.

The authors assert that the name is to be pronounced "Roo", a reference to the cipher's Australian origin, by reading the letters "Py" as Cyrillic (РУ) rather than Latin characters. This somewhat perverse spelling is meant in part as a joke about the difficult-to-pronounce name Rijndael for the cipher which was adopted as the Advanced Encryption Standard.

Py has been selected as Phase 2 Focus Candidate for Profile 1 (software) by the eSTREAM project [2].

[edit] External links

• Py specification (PostScript)
• eStream page on Py
• Cryptanalysis of Py
• Souradyuti Paul, Bart Preneel, Gautham Sekar, Distinguishing attacks on the stream cipher Py
• The Rijndael page - the "Rijndael FAQ" is gently parodied in Appendix B of the Py specification.

Stream ciphers v • d • e
Algorithms: A5/1 | A5/2 | FISH | Grain | HC-256 | ISAAC | MUGI | Panama | Phelix | Pike | Py | Rabbit | RC4 | Salsa20 | Scream | SEAL | SOBER | SOBER-128 | SOSEMANUK | Trivium | VEST | WAKE
Theory: Shift register | LFSR | NLFSR | Shrinking generator   Standardization: eSTREAM
Cryptography v • d • e
History of cryptography | Cryptanalysis | Cryptography portal | Topics in cryptography
Symmetric-key algorithm | Block cipher | Stream cipher | Public-key cryptography | Cryptographic hash function | Message authentication code | Random numbers