In this paper we present an effective guess-and-determine at- tack against the stream cipher Polar Bear. The attack requires knowledge of the first 24 bytes of plaintext and recovers the state with a computa- tional complexity of O(2⁷⁹). We also briefly discuss how this weakness can be addressed by the authors in an updated version of Polar Bear.

In this paper we propose a Guess-and-Determine based initial state recovery attack on Polar Bear, one of the ECRYPT stream cipher project candidates, which is an improvement of the recently proposed one by J. Mattsson with computational complexity of O(2⁷⁹). The computational complexity and success probability of our attack are O(2³¹) and 2^-26.4 respectively which can also be considered as one with computational complexity of O(2^57.4).