The stream cipher SNOW 3G is the core of the 3G Partnership Project (3GPP) for implementing a confidentiality algorithm and data integrity algorithm. In this study, the authors analyse the initialisation stage based on the chosen IV differential attacks on the reduced-round SNOW 3G and SNOW . Firstly, they show a distinguisher for 12-round SNOW 3G and 255 distinguishers for 13-round SNOW , respectively. Secondly, they use the input differences and the output differences of the S-box to recover the input of S-box, which can recover full keys in real-time for 12-round SNOW . The data complexity is 36 and the time complexity is small. Finally, they use the impossible differences of the S-box as a filter to extend the initialisation rounds of the attack to 16-round SNOW . The data complexity is 28 and the time complexity is . So far, the authors’ attack results are the best in terms of chosen IV differential attacks. At the same time, their attack results are superior to multiset collision attacks in terms of data complexity, and their attack method can recover full keys, while multiset collision attacks can only partially recover the internal states in 15-round SNOW .

中文翻译：

---

对SNOW 3G和SNOW 3G缩减轮的差分攻击^⊕

流密码SNOW 3G是3G合作伙伴计划（3GPP）的核心，用于实现机密性算法和数据完整性算法。在这项研究中，作者根据针对缩减后的SNOW 3G和SNOW的选定IV差分攻击来分析初始化阶段 。首先，他们展示了12轮SNOW 3G的区分符和255的13轮SNOW的区分符 ， 分别。其次，他们利用S-box的输入差异和输出差异来恢复S-box的输入，从而可以实时恢复12轮SNOW的完整密钥。 。数据复杂度为36，时间复杂度较小。最后，他们使用S-box的不可能差异作为过滤器，将攻击的初始化回合扩展到16轮SNOW 。数据复杂度为28，时间复杂度为 。到目前为止，就选择的IV差分攻击而言，作者的攻击结果是最好的。同时，它们的攻击结果在数据复杂度方面优于多集冲突攻击，并且其攻击方法可以恢复完整密钥，而多集冲突攻击只能部分恢复15轮SNOW的内部状态。 。