Distinguishing attacks on stream ciphers based on arrays of pseudo-random words

in numerous modern stream ciphers, the internal state consists of a large array of pseudo-random words, while the Output key-stream is a relatively simple function of the state. It has been heuristically shown in several situations [3,8-11,14] that this structure may lead to distinguishing attacks on the cipher. In this note we present a more rigorous treatment of this structural attack. First, we present a rigorous proof of the main probabilistic claim behind it in the basic cases. We then apply it concretely to the cipher SN3 [12], and demonstrate that the heuristic assumptions of the attack are remarkably precise in more complicated cases. (C) 2009 Elsevier B.V. All rights reserved.