Cryptanalysis of ORYX

D. Wagner, L. Simpson, E. Dawson, J. Kelsey, W. Millan, and B. Schneier

Fifth Annual Workshop on Selected Areas in Cryptography, Springer Verlag, August 1998, to appear.

ABSTRACT: We present an attack on the ORYX stream cipher that requires only 25-27 bytes of known plaintext and has time complexity of 216. This attack directly recovers the full 96-bit internal state of ORYX, regardless of the key schedule. As the ORYX cipher is used to encrypt the data transmissions in the North American Cellular system, these results are further evidence that many of the encryption algorithms used in second generation mobile communications offer a low level of security.

[full text - PDF (Acrobat)] [full text - Postscript]

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..