In Cryptanalysis of the Stream Cipher DECIM (section 5.2), Wu and Preneel describe a broadcast attack on stream ciphers with single-bit keystream biases.
It works as follows. Suppose that each bit of a biased keystream is equal to 0 with probability 0.5+p, where p>0. Now suppose we obtain N encryptions of a single message under different keystreams (such as from a broadcast). If more than half of the bits in position i of each ciphertext are 0 then guess that the ith message bit equals 0, and 1 otherwise. Wu and Preneel assert that for N = p^(-2) the probability that our guess is correct is 0.977.
The post Broadcast Attacks on Stream Ciphers appeared first on Calcatraz Blog.