Khazaei, ShahramMeier, Willi2010-11-302010-11-302010-11-30200810.1007/978-3-540-89754-5_2https://infoscience.epfl.ch/handle/20.500.14299/60648WOS:000264555800002In cryptology we commonly face the problem of finding an unknown key K from the output of an easily computable keyed function F(C, K) where the attacker has the power to choose the public variable C. In this work we focus on self-synchronizing stream ciphers. First we show how to model these primitives in the above-mentioned general problem by relating appropriate functions F to the underlying ciphers. Then we apply the recently proposed framework presented at AfricaCrypt'08 by Fischer et. al. for dealing with this kind of problems to the proposed T-function based self-synchronizing stream cipher by Klimov and Shamir at FSE'05 and show how to deduce some non-trivial information about the key. We also open a new window for answering a crucial question raised by Fischer et. al. regarding the problem of finding weak IV bits which is essential for their attack.Self-synchronizing Stream CiphersT-functionsKey RecoveryIv Statistical-Analysistext::conference output::conference proceedings::conference paper