Guilin University Of Electronic Technology
Related-key and chosen IV attacks are well known cryptanalytic tools in cryptanalysis of stream ciphers. Though the related-key model is considered to be much more unrealistic scenario than the chosen IV model the authors show that under certain circumstances the attack assumptions may become equivalent. They show that the key differentiation method induces a generic attack in a related-key model whose time complexity in the on-line phase is less than the exhaustive key search. The case of formal equivalency between the two scenarios arises when so-called differentiable polynomials with respect to some subset of key variables are a part of the state bit expressions (from which the output key-stream bits are built).