{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T02:08:54Z","timestamp":1760148534749,"version":"build-2065373602"},"reference-count":38,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2023,5,10]],"date-time":"2023-05-10T00:00:00Z","timestamp":1683676800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Cryptosystems employing a synchronous binary-additive stream cipher are susceptible to a generic attack called \u2018bit-flipping\u2019, in which the ciphertext is modified to decrypt into a fraudulent message. While authenticated encryption and message authentication codes can effectively negate this attack, encryption modes can also provide partial protection against bit-flipping. PudgyTurtle is a stream-cipher mode which uses keystream to encode (via an error-correcting code) and to encipher (via modulo-2 addition). Here, we describe the behavior of this mode during bit-flipping attacks and demonstrate how it creates uncertainty about the number, positions, and identities of decrypted bits that will be affected.<\/jats:p>","DOI":"10.3390\/cryptography7020025","type":"journal-article","created":{"date-parts":[[2023,5,10]],"date-time":"2023-05-10T01:57:51Z","timestamp":1683683871000},"page":"25","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["PudgyTurtle Mode Resists Bit-Flipping Attacks"],"prefix":"10.3390","volume":"7","author":[{"given":"David A.","family":"August","sequence":"first","affiliation":[{"name":"Department of Anesthesia, Massachusetts General Hospital, Boston, MA 02114, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anne C.","family":"Smith","sequence":"additional","affiliation":[{"name":"Independent Researcher, Boston, MA 02114, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2023,5,10]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"226","DOI":"10.1007\/s42979-020-00221-z","article-title":"PudgyTurtle: Using keystream to encode and encrypt","volume":"1","author":"August","year":"2020","journal-title":"SN Comput. Sci."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"127","DOI":"10.1016\/S0020-0190(01)00208-3","article-title":"A fast correlation attack on LILI-128","volume":"81","author":"J\u00f6nsson","year":"2002","journal-title":"Inf. Process. Lett."},{"key":"ref_3","unstructured":"Mattsson, J. (2006). Stream Cipher Design: An Evaluation of the eSTREAM Candidate Polar Bear. [Master\u2019s Thesis, Royal Institute of Technology (KTH CSC)]."},{"key":"ref_4","unstructured":"Paul, S., and Preneel, B. (2003, December 8\u201310). Analysis of Non-fortuitous Predictive States of the RC4 Keystream Generator. Proceedings of the Progress in Cryptology\u2014INDOCRYPT 2003, New Delhi, India."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Babbage, S. (1995, May 16\u201318). Improved \u201cexhaustive search\u201d attacks on stream ciphers. Proceedings of the European Convention on Security and Detection, Institution of Engineering and Technology, Brighton, UK.","DOI":"10.1049\/cp:19950490"},{"key":"ref_6","unstructured":"Goli\u0107, J.D. (1997, May 11\u201315). Cryptanalysis of Alleged A5 Stream Cipher. Proceedings of the Advances in Cryptology\u2014EUROCRYPT \u201997, Konstanz, Germany."},{"key":"ref_7","unstructured":"Biryukov, A., and Shamir, A. (2000, December 3\u20137). Cryptanalytic Time\/Memory\/Data Tradeoffs for Stream Ciphers. Proceedings of the Advances in Cryptology\u2014ASIACRYPT 2000, Kyoto, Japan."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Biryukov, A., Shamir, A., and Wagner, D. (2000, April 10\u201312). Real Time Cryptanalysis of A5\/1 on a PC. Proceedings of the Fast Software Encryption, New York, NY, USA.","DOI":"10.1007\/3-540-44706-7"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Saarinen, M.-J.O. (2002, February 4\u20136). A Time-Memory Tradeoff Attack Against LILI-128. Proceedings of the Fast Software Encryption, Leuven, Belgium.","DOI":"10.1007\/3-540-45661-9"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Arjoune, Y., and Faruque, S. (2020, January 6\u20138). Smart Jamming Attacks in 5G New Radio: A Review. Proceedings of the 10th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.","DOI":"10.1109\/CCWC47524.2020.9031175"},{"key":"ref_11","unstructured":"Patrikakis, C., Masikos, M., and Zouraraki, O. (2000, January 8\u201311). Distributed Denial of Service Attacks. Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, Nashville, TN, USA."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Katz, J., and Lindell, Y. (2015). Introduction to Modern Cryptography, CRC Press. [2nd ed.].","DOI":"10.1201\/b17668"},{"key":"ref_13","unstructured":"Goli\u0107, J.D. (2000, August 14\u201315). Modes of Operation of Stream Ciphers. Proceedings of the Selected Areas in Cryptography, Waterloo, ON, Canada."},{"key":"ref_14","unstructured":"Dubrova, E. (2023, March 01). A List of Maximum Period NLFSRs; IACR Cryptology ePrint Archive, Report 2012\/166. Available online: https:\/\/eprint.iacr.org\/2012\/166."},{"key":"ref_15","unstructured":"Simmons, G. (1991). Contemporary Cryptology: The Science of Information Integrity, IEEE Press."},{"key":"ref_16","unstructured":"Sarkar, P. (2023, March 01). Modes of Operations for Encryption and Authentication Using Stream Ciphers Supporting an Initialisation Vector; Cryptology ePrint Archive, Report 2011\/299. Available online: https:\/\/eprint.iacr.org\/2011\/299."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"959","DOI":"10.1007\/s12095-018-0294-5","article-title":"On Stream Ciphers with Provable Beyond-the-Birthday-Bound Security against Time-Memory-Data Tradeoff Attacks","volume":"10","author":"Hamann","year":"2018","journal-title":"Cryptogr. Commun."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"45","DOI":"10.46586\/tosc.v2017.i1.45-79","article-title":"LIZARD\u2014A Lightweight Stream Cipher for Power-Constrained Devices","volume":"1","author":"Hamann","year":"2017","journal-title":"IACR Trans. Symmetric Cryptol."},{"key":"ref_19","unstructured":"Wikipedia (2023, February 28). SAVILLE. Available online: https:\/\/en.wikipedia.org\/w\/index.php?title=SAVILLE&oldid=1050698835."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Biham, E., and Kocher, P.C. (1994, December 14\u201316). A known plaintext attack on the PKZIP stream cipher. Proceedings of the Fast Software Encryption, Leuven, Belgium.","DOI":"10.1007\/3-540-60590-8"},{"key":"ref_21","unstructured":"PKWARE, Inc. General Format of a ZIP File, technical note. Included in PKZIP 1.10 distribution, 1989. (pkz110.exe: file appnote.txt)."},{"key":"ref_22","first-page":"14","article-title":"Hiji-bij-bij: A New Stream Cipher with a Self-synchronizing Mode of Operation","volume":"2003","author":"Sarkar","year":"2003","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"ref_23","unstructured":"Wheeler, D.J. (1993, December 9\u201311). A bulk data encryption algorithm. Proceedings of the Fast Software Encryption, Cambridge, UK."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Klimov, A., and Shamir, A. (2005, February 21\u201323). New Applications of T-Functions in Block Ciphers and Hash Functions. Proceedings of the Fast Software Encryption Workshop, Paris, France.","DOI":"10.1007\/11502760_2"},{"key":"ref_25","unstructured":"Kara, O., and Erguler, I. (2008, February 13\u201314). A New Approach to Keystream Based Cryptosystems. Proceedings of the State of the Art of Stream Ciphers (SASC 2008), Lausanne, Switzerland."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"1916","DOI":"10.3906\/elk-1311-54","article-title":"A new security relation between information rate and state size of a keystream generator","volume":"24","author":"Kara","year":"2016","journal-title":"Turk. J. Electr. Eng. Comput. Sci."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1007\/11941378_5","article-title":"An Algorithm for Solving the LPN Problem and Its Application to Security Evaluation of the HB Protocols for RFID Authentication","volume":"Volume 4329","author":"Fossorier","year":"2006","journal-title":"Proceedings of the Progress in Cryptology\u2014INDOCRYPT 2006"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Gilbert, H., Robshaw, M.J.B., and Seurin, Y. (2008, July 7\u201311). How to encrypt with the LPN problem. Proceedings of the Automata, Languages and Programming: 35th International Colloquium (ICALP 2008), Reykjavik, Iceland. Part I\u2014Lecture Notes in Computer Science 5125\u2014ICALP-35.","DOI":"10.1007\/978-3-540-70583-3"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"595","DOI":"10.1007\/978-3-642-03356-8_35","article-title":"Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems","volume":"Volume 5677","author":"Applebaum","year":"2009","journal-title":"Proceedings of the Advances in Cryptology 29th Annual International Cryptology Conference (CRYPTO 2009)"},{"key":"ref_30","unstructured":"Mihaljevi\u0107, M.J., and Imai, H. (2011, February 16\u201317). Employment of Homophonic Coding for Improvement of Certain Encryption Approaches Based on the LPN Problem. Proceedings of the Symmetric Key Encryption Workshop\u2014SKEW 2011, Copenhagen, Denmark."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"317","DOI":"10.1007\/3-540-44448-3_24","article-title":"Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography","volume":"Volume 1976","author":"Bellare","year":"2000","journal-title":"Proceedings of the Advances in Cryptology\u2014ASIACRYPT 2000"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"656","DOI":"10.1002\/j.1538-7305.1949.tb00928.x","article-title":"Communication Theory of Secrecy Systems","volume":"28","author":"Shannon","year":"1949","journal-title":"Bell Syst. Tech. J."},{"key":"ref_33","unstructured":"Wong, D. (2021). Real-World Cryptography, Manning Publications Co."},{"key":"ref_34","unstructured":"Schneier, B. (2015). Applied Cryptography, John Wiley & Sons, Inc. [2nd ed.]."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"AlFardan, N.J., and Paterson, K.G. (2013). Lucky Thirteen: Breaking the TLS and DTLS Record Protocols, Royal Holloway University\u2014College of London. Available online: https:\/\/isg.rhul.ac.uk\/tds\/Lucy13.html.","DOI":"10.1109\/SP.2013.42"},{"key":"ref_36","unstructured":"Ferguson, N. (2023, February 20). Authentication Weaknesses in GCM, Available online: https:\/\/csrc.nist.gov\/CSRC\/media\/projects\/Block-Cipher-Techniques\/documents\/BCM\/comments\/CWC-GCM\/Ferguson2.pdf."},{"key":"ref_37","unstructured":"Vaudenay, S. (2002, April 28\u2013May 2). Security Flaws Induced by CBC Padding\u2014Applications to SSL, IPSEC, WTLS. Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology (EUROCRYPT \u201902), Amsterdam, The Netherlands."},{"key":"ref_38","unstructured":"Aumasson, J.P. (2017). Serious Cryptography: A Practical Introduction to Modern Encryption, No Starch Press, Inc."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/7\/2\/25\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T19:32:32Z","timestamp":1760124752000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/7\/2\/25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5,10]]},"references-count":38,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2023,6]]}},"alternative-id":["cryptography7020025"],"URL":"https:\/\/doi.org\/10.3390\/cryptography7020025","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2023,5,10]]}}}
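The generic bit-flipping attack the abstract describes, and the encrypt-then-MAC check the abstract says negates it, as an added Python example; this is not code from the paper, the PudgyTurtle project, or this Crossref record, and PudgyTurtle's own error-correcting encoding is not implemented here. The keystream generator (SHA-256 in counter mode standing in for a real stream cipher), the keys, the nonce, and the payment message are all constructed for the demonstration. It also shows the property the paper contrasts against: in a plain modulo-2 mode the attacker knows exactly which plaintext bits will change, because they are the very bits flipped in the ciphertext.

```python
import hashlib
import hmac

# Constructed sample message and keys (not from the paper): an attacker who
# knows or guesses the byte layout of the plaintext retargets the payee.
ORIGINAL = b"PAY TO: " + b"alice  " + b" AMOUNT: 0100"
KNOWN_SEGMENT = b"alice  "    # what the attacker believes bytes 8..14 hold
WANTED_SEGMENT = b"mallory"   # same length: XOR flipping cannot change length
SEGMENT_OFFSET = len(b"PAY TO: ")
ENC_KEY = bytes(range(32))    # fixed demo keys so the run is reproducible
MAC_KEY = bytes(range(32, 64))
NONCE = b"\x00" * 12


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in synchronous keystream generator (hypothetical, for illustration):
    SHA-256 of key || nonce || block counter. A real system would use a vetted
    cipher such as ChaCha20; the bit-flipping property below is identical."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Binary-additive stream cipher: ciphertext = plaintext XOR keystream."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt  # XOR with the same keystream is its own inverse


def bit_flip(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Generic bit-flipping attack, no key needed. Since c = p XOR k,
    c XOR (known XOR wanted) decrypts to p with `known` replaced by `wanted`."""
    if len(known) != len(wanted):
        raise ValueError("replacement must keep the segment length")
    delta = xor_bytes(known, wanted)
    end = offset + len(delta)
    return ciphertext[:offset] + xor_bytes(ciphertext[offset:end], delta) + ciphertext[end:]


def flipped_bits(a: bytes, b: bytes) -> list:
    """Bit positions (MSB-first, counted from the start of the message) where a and b differ."""
    positions = []
    for i, (x, y) in enumerate(zip(a, b)):
        for bit in range(8):
            if ((x ^ y) >> (7 - bit)) & 1:
                positions.append(8 * i + bit)
    return positions


def tag(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt-then-MAC: the tag covers the nonce and the whole ciphertext."""
    ct = encrypt(enc_key, nonce, plaintext)
    return ct, tag(mac_key, nonce, ct)


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, ciphertext: bytes, received_tag: bytes):
    """Returns the plaintext, or None if the tag does not verify. Verify before
    decrypting, with a constant-time compare, so a forgery yields no plaintext
    and no timing oracle."""
    if not hmac.compare_digest(tag(mac_key, nonce, ciphertext), received_tag):
        return None
    return decrypt(enc_key, nonce, ciphertext)


def run_attack() -> dict:
    """Run the attack against the bare stream cipher and against encrypt-then-MAC."""
    ct = encrypt(ENC_KEY, NONCE, ORIGINAL)
    forged_ct = bit_flip(ct, SEGMENT_OFFSET, KNOWN_SEGMENT, WANTED_SEGMENT)
    forged_pt = decrypt(ENC_KEY, NONCE, forged_ct)
    # In a plain XOR mode the attacker knows exactly which plaintext bits change:
    # they are the same positions flipped in the ciphertext.
    same_positions = flipped_bits(ct, forged_ct) == flipped_bits(ORIGINAL, forged_pt)
    sealed_ct, t = seal(ENC_KEY, MAC_KEY, NONCE, ORIGINAL)
    tampered = bit_flip(sealed_ct, SEGMENT_OFFSET, KNOWN_SEGMENT, WANTED_SEGMENT)
    return {
        "forged_plaintext": forged_pt,
        "attacker_knows_positions": same_positions,
        "mac_accepts_forgery": open_sealed(ENC_KEY, MAC_KEY, NONCE, tampered, t) is not None,
    }


if __name__ == "__main__":
    print(run_attack())
```

The attacker never touches the key: the forged ciphertext is the original ciphertext XORed with the difference between the guessed and the wanted plaintext bytes, and the receiver's decryption cannot tell the difference. With the HMAC tag over the ciphertext, the same modification is rejected before any plaintext is produced.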