In this paper, we analyze the security of a new stream cipher-COSvd(2,128). This cipher was proposed by E. Filiol et al. at the ECRYPT SASC'2004 (The State of the Art of Stream Ciphers). It uses clock-controlled non-linear feedback registers together with an S-box controlled by a chaotic sequence and was claimed to prevent any existing attacks. However, our analysis shows that there are some serious security flaws in the design of the S-box, resulting in heavy biased byte distribution in the keystream. In some broadcast applications, this flaw will cause a ciphertext-only attack with high success rate. Besides, there are also many security flaws in other parts of the cipher. We point out these flaws one by one and develop a divide-and-conquer attack to recover the secret keys from O(2^26)-byte known plaintext with success rate 93.4597% and complexity O(2^113), which is much lower than 2^512, the complexity of exhaustive search.
