Here you can find a Python implementation of the F-FCSR-H stream cipher as well as different implementations of a state recovery attack
git clone https://github.com/ergrelet/ffcsr
cd ffcsr
- Python 3
- SageMath
See main.py to get an idea of how to use the F_FCSR_H class
Lookup tables are used in "attack_tables.py" and "attack_tables_mp.py" to make internal states' calculations' cost constant.
To generate these tables you'll need to edit "generate_tables.py" and set TABLES_PATH to the desired location of the output files.
Then, typing the following instruction in sage:
attach("path_to_ffcsr_dir/generate_tables.py")
And to generate dumps, first edit "generate_dump.py", set the desired key and IV and set DUMP_PATH to the desired location of the output file.
Then, run:
python generate_dump.py
To run the attack without using lookup tables you'll need to edit "attack.py" and set DUMP_PATH to the location of your dump file.
Note: This is version is very slow.
Then, typing the following instruction in sage:
attach("path_to_ffcsr_dir/attack.py")
To run the attack you'll need to edit "attack_tables.py" and set DUMP_PATH and TABLES_PATH to the locations of your dump and lookup tables files.
And then simply run:
python attack_tables.py
or, if you want to use the multi-processing version of this attack:
python attack_tables_mp.py