Snow
Thomas Johansson and Patrik Ekdahl created the SNOW family of stream ciphers at Lund University. Their design centers on a 512-bit linear feedback shift register. This core component feeds into a non-linear output state machine containing additional words of state. Early versions like SNOW 1.0, SNOW 2.0, and SNOW 3G utilize a shift register holding sixteen 32-bit words. Each iteration advances this register by 32 bits to produce 32 bits of output data. The system employs a 32-bit add-rotate-XOR transformation for its final output step. Later iterations such as SNOW-V and SNOW-Vi shifted focus to handle larger data blocks efficiently. These newer versions use thirty-two 16-bit words arranged within four 128-bit SIMD registers. They advance by only 16 bits per cycle while generating 128 bits of output simultaneously.
The original cipher known as SNOW 1.0 was submitted to the NESSIE project for evaluation. Reviewers discovered specific weaknesses during their analysis that prevented inclusion in the final suite. The authors responded by developing version 2.0 to address these identified flaws. This new iteration improved performance metrics while fixing the structural vulnerabilities found earlier. The cipher operates on 32-bit words and supports keys ranging from 128 to 256 bits long. It combines a linear feedback shift register with a finite-state machine where the register feeds the next state function. The design features a short initialization phase allowing for very good performance on both 32-bit processors and hardware implementations. Despite the initial rejection, the work laid groundwork for future cryptographic standards.
During the ETSI SAGE evaluation process, designers modified the algorithm further to increase resistance against algebraic attacks. The resulting variant received the name SNOW 3G. This version became the chosen stream cipher for UEA2 encryption algorithms within mobile telecommunications standards. It also serves as the basis for UIA2 integrity protection mechanisms used in 3GPP networks. The modification ensured the system could withstand related-key attacks that previously affected SNOW 2.0. These changes were critical for adoption in global mobile communication infrastructure. The cipher now protects data across billions of devices worldwide through standardized protocols.
SNOW-V emerged as an extensive redesign published in 2019 to match high-speed requirements of 5G cellular networks. It generates 128 bits of output per iteration using Advanced Encryption Standard round functions. These AES functions are commonly implemented directly in hardware on recent processors for maximum efficiency. SNOW-Vi followed with tweaks designed for even higher speed through small changes to its linear feedback shift register. Both versions utilize SIMD registers to perform eight LFSR iterations simultaneously before a single output transformation step. This approach allows modern CPUs to process massive amounts of encrypted data without slowing down. The architecture maintains two additional 128-bit words of state alongside the main register operations.
Researchers found that related keys exist for both SNOW 2.0 and SNOW 3G variants. These relationships allow attackers to mount specific attacks within the related-key model against the older versions. Algebraic vulnerabilities also affect certain configurations of the cipher suite when analyzed under rigorous conditions. Despite these findings, the system remains one of the stream ciphers chosen for ISO/IEC standard ISO/IEC 18033-4. The ESTREAM project used SNOW as a reference cipher for performance evaluation purposes. Security experts continue to monitor the algorithm for new attack vectors while relying on its standardized status for practical applications.
Common questions
Who created the SNOW family of stream ciphers?
Thomas Johansson and Patrik Ekdahl created the SNOW family of stream ciphers at Lund University. Their design centers on a 512-bit linear feedback shift register that feeds into a non-linear output state machine.
When was SNOW-V published to match high-speed requirements of 5G cellular networks?
SNOW-V emerged as an extensive redesign published in 2019 to match high-speed requirements of 5G cellular networks. It generates 128 bits of output per iteration using Advanced Encryption Standard round functions implemented directly in hardware.
What is the core component used by early versions like SNOW 1.0 and SNOW 3G?
Early versions like SNOW 1.0, SNOW 2.0, and SNOW 3G utilize a shift register holding sixteen 32-bit words. Each iteration advances this register by 32 bits to produce 32 bits of output data through a 32-bit add-rotate-XOR transformation.
Why did reviewers reject the original cipher known as SNOW 1.0 from the NESSIE project?
Reviewers discovered specific weaknesses during their analysis that prevented inclusion in the final suite of the NESSIE project. The authors responded by developing version 2.0 to address these identified flaws and improve performance metrics.
How does SNOW 3G function within mobile telecommunications standards?
The resulting variant received the name SNOW 3G after designers modified the algorithm further to increase resistance against algebraic attacks. This version became the chosen stream cipher for UEA2 encryption algorithms within mobile telecommunications standards and serves as the basis for UIA2 integrity protection mechanisms used in 3GPP networks.