Skip to Main Content
This correspondence describes the cryptanalysis of Mir-1, a T-function based stream cipher proposed at eSTREAM (the ECRYPT Stream Cipher Project) in 2005. This cipher uses a multiword T-function, with four 64-bit words, as its basic structure. Mir-1 operations process the data in every 64 bits (one word) to generate a keystream. The correspondence discusses a distinguishing attack against Mir-1 that exploits the T-function characteristics and the Mir-1 initialization. With merely three or four initial vector pairs, this attack can distinguish a Mir-1 output sequence from a truly random number sequence. In this case, the amount of data theoretically needed for cryptanalysis is only 210 words. This correspondence also proposes a countermeasure that provides resistance against the attack described in this correspondence.