Editing Turing (cipher)

__NOTOC__
'''Turing''' is a [[stream cipher]] developed by [[Gregory G. Rose]] and [[Philip Hawkes]] at [[Qualcomm]] for [[CDMA]].<ref name=":3">[[Gregory G. Rose]] and [[Philip Hawkes]], Turing: A Fast Stream Cipher, [[Fast Software Encryption]] 2003, pp. 290–306 [https://web.archive.org/web/20040708144423/http://www.qualcomm.com.au/PublicationsDocs/Turing.pdf (PDF)].</ref> 

Turing generates 160 bits of output in each round by applying a non-linear filter to the internal state of an [[LFSR]]. It is named after [[Alan Turing]].<ref name=":3" /> It was developed based on the SOBER cipher introduced by Rose in 1998.<ref name=":0">{{Cite book|title=New Stream Cipher Designs: The ESTREAM Finalists|last=Robshaw|first=Matthew|last2=Billet|first2=Olivier|date=2008|publisher=Springer Science & Business Media|isbn=978-3540683506|location=Berlin|pages=58}}</ref> This is evident in its major component, the Linear Feedback Shift Register (LFSR), which is the same technology found in the family of SOBER machines.<ref name=":2">{{Cite book|title=Fast Software Encryption: 10th International Workshop, FSE 2003, LUND, Sweden, February 24-26, 2003, Revised Papers|last=Johansson|first=Thomas|date=2003|publisher=Springer Science & Business Media|isbn=3540204490|location=Berlin|pages=290}}</ref> Turing, however, is distinguished from its predecessors by the way it produces five words (five times more) of output for every internal update.<ref name=":0" /> It also provides up to 256-bit key strength and is designed to be fast in software,<ref name=":2" /> achieving around 5.5 cycles/byte on some [[x86]] processors.

There are experts who found that the Turing stream cipher has a number of weaknesses when faced with chosen IV attacks.<ref name=":1">{{Cite book|title=Selected Areas in Cryptography: 10th Annual International Workshop, SAC 2003, Ottawa, Canada, August 14-15, 2003, Revised Papers|last=Matsui|first=Mitsuru|last2=Zuccherato|first2=Robert|date=2004|publisher=Springer Science & Business Media|isbn=3540213708|location=Berlin|pages=205}}</ref> For instance, its key scheduling algorithm has the same secret key for different initialization vectors and this is found to lower the system's security.<ref name=":1" />

==See also==
* [[SOBER-128]]
* [[Helix (cipher)|Helix]]

==References==
{{reflist}}

==Bibliography==
* Antoine Joux and Frédéric Muller, A Chosen IV Attack Against Turing, [[Selected Areas in Cryptography]] 2003, pp. 194–207 [http://www.ssi.gouv.fr/archive/fr/sciences/fichiers/lcr/jomu03b.pdf (PDF)].

==External links==
* [https://github.com/fflewddur/quick-turing Optimized Java implementation of Turing algorithm]
* [http://www.jdudar.com/turing/index.html Java Implementation of Turing Algorithm]
* [https://www.iacr.org/archive/fse2003/28870306/28870306.pdf Turing: a Fast Stream Cipher]
* [https://web.archive.org/web/20120402223524/https://opensource.qualcomm.com/index.php?turing Slides and C reference implementation at Qualcomm] 

[[Category:2003 introductions]]
[[Category:Stream ciphers]]
[[Category:Qualcomm]]
[[Category:Alan Turing]]

{{cryptography navbox | stream}}

{{crypto-stub}}