# Re: Criticism of a proposed stream cipher requested.

*From*: Paul Rubin <no.email@xxxxxxxxxxxxxx>

*Date*: Wed, 02 Jun 2010 09:46:10 -0700

Francois Grieu <fgrieu@xxxxxxxxx> writes:

> I suspect that there might be ways to trade abundance of known
> plaintext against less time and/or memory; or perhaps a much more
> devastating attack. But I fail to pinpoint that right now.

Isn't this a trivial linear algebra problem? Let K1...K100 be the unknown key bits. Let P1...P100 be the known plaintext. Let C1,C2.... be the ciphertext. Let Si,j be the j'th bit of the square root of i. So

    Cn = K1*S1,n + K2*S2,n + ... + K100*S100,n + Pn

where the multiplication is in GF(2). Solve simultaneous equations to get K. Am I misunderstanding the question and/or overlooking something silly?
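The linear system described in the message above, worked through as an added example that is not part of the original post or of the cipher proposal it discusses. It assumes S(i,j) means the j'th fractional bit of sqrt(i); the function names and the constructed key and plaintext are hypothetical.

```python
import math
import random

NKEY = 100  # key bits K1..K100, as in the post

def sqrt_bits(i, n):
    # Assumed reading of S[i][j]: the first n fractional bits of sqrt(i),
    # packed into an int. isqrt(i * 4**n) == floor(sqrt(i) * 2**n).
    return math.isqrt(i << (2 * n)) & ((1 << n) - 1)

def keystream(key, n):
    # XOR (addition in GF(2)) of the streams selected by the key bits.
    ks = 0
    for i in range(1, NKEY + 1):
        if (key >> (i - 1)) & 1:
            ks ^= sqrt_bits(i, n)
    return ks

def recover_key(cipher, plain, n):
    # Gaussian elimination over GF(2): build an XOR basis of the 100 streams,
    # remembering which key indices each basis vector is made of.
    basis = {}  # leading bit -> (vector, mask of key indices)
    for i in range(1, NKEY + 1):
        v, mask = sqrt_bits(i, n), 1 << (i - 1)
        while v:
            top = v.bit_length() - 1
            if top not in basis:
                basis[top] = (v, mask)
                break
            v, mask = v ^ basis[top][0], mask ^ basis[top][1]
    target, key = cipher ^ plain, 0  # known keystream = C xor P
    while target:
        top = target.bit_length() - 1
        if top not in basis:
            return None  # system inconsistent: not produced by this cipher
        target, key = target ^ basis[top][0], key ^ basis[top][1]
    return key  # key bits of linearly dependent streams come out as 0

def demo(n=256, seed=1):
    rng = random.Random(seed)  # constructed key and plaintext, not real data
    key, plain = rng.getrandbits(NKEY), rng.getrandbits(n)
    found = recover_key(keystream(key, n) ^ plain, plain, n)
    return key, found

if __name__ == "__main__":
    key, found = demo()
    print("same keystream:", keystream(key, 256) == keystream(found, 256))
```

Under the assumed reading, the streams for perfect squares are all zero, so those key bits never reach the ciphertext and the solver returns a key that generates the same keystream over the known window rather than necessarily the original bit pattern.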
