This article includes a list of general references, but it remains largely unverified because it lacks sufficient corresponding inline citations. (September 2018) (Learn how and when to remove this template message)
Turing generates 160 bits of output in each round by applying a non-linear filter to the internal state of an LFSR. It is named after Alan Turing. It was developed based on the SOBER cipher introduced by Rose in 1998. This is evident in its major component, the Linear Feedback Shift Register (LFSR), which is the same technology found in the family of SOBER machines. Turing, however, is distinguished from its predecessors by the way it produces five words (five times more) of output for every internal update. It also provides up to 256-bit key strength and is designed to be fast in software, achieving around 5.5 cycles/byte on some x86 processors.
There are experts who found that the Turing stream cipher has a number of weaknesses when faced with chosen IV attacks. For instance, its key scheduling algorithm has the same secret key for different initialization vectors and this is found to lower the system's security.
- Gregory G. Rose and Philip Hawkes, Turing: A Fast Stream Cipher, Fast Software Encryption 2003, pp. 290–306 (PDF).
- Robshaw, Matthew; Billet, Olivier (2008). New Stream Cipher Designs: The ESTREAM Finalists. Berlin: Springer Science & Business Media. p. 58. ISBN 978-3540683506.
- Johansson, Thomas (2003). Fast Software Encryption: 10th International Workshop, FSE 2003, LUND, Sweden, February 24-26, 2003, Revised Papers. Berlin: Springer Science & Business Media. p. 290. ISBN 3540204490.
- Matsui, Mitsuru; Zuccherato, Robert (2004). Selected Areas in Cryptography: 10th Annual International Workshop, SAC 2003, Ottawa, Canada, August 14-15, 2003, Revised Papers. Berlin: Springer Science & Business Media. p. 205. ISBN 3540213708.
- Antoine Joux and Frédéric Muller, A Chosen IV Attack Against Turing, Selected Areas in Cryptography 2003, pp. 194–207 (PDF).