In this paper, we study and compare two popular methods for post-processing random number generators: linear and Von Neumann compression. We show that linear compression can achieve much better throughput than Von Neumann compression while achieving a practically good level of security. We also introduce a concept known as the adversary bias, which measures how accurately an adversary can guess the output of a random number generator, e.g. through a trapdoor or a bad RNG design. We then prove that linear compression performs much better than Von Neumann compression when correcting adversary bias. Finally, we discuss good ways to implement this linear compression in hardware and give a field-programmable gate array (FPGA) implementation to provide resource utilization estimates.
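To make the throughput comparison in the abstract concrete, the following added example (not code from the paper or its authors) runs both post-processors over a constructed, deliberately biased bit source. Von Neumann de-biasing is the standard pairwise extractor; the "linear compression" here is assumed to be the simplest linear map, XOR of each block of k input bits, which is one instance of the family the paper studies. The residual bias of the XOR output is checked against the piling-up lemma, and the rates show why the linear method keeps a fixed fraction of the input while Von Neumann's yield collapses as the source gets more biased.

```python
"""Compare RNG post-processing: Von Neumann de-biasing vs. linear (XOR) compression.

Added example, not the paper's code. Assumptions: the linear compressor is a
k-bit XOR block; the input source is a constructed i.i.d. biased bit stream.
"""
import random
from typing import Dict, List


def von_neumann(bits: List[int]) -> List[int]:
    """Von Neumann extractor: read input in pairs, emit 0 for (0,1) and 1 for (1,0),
    discard (0,0) and (1,1). Output is exactly unbiased for i.i.d. input, but each
    pair survives only with probability 2p(1-p), so the rate is at most 1/4."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def xor_compress(bits: List[int], k: int) -> List[int]:
    """Linear compression (assumed form): XOR each block of k input bits into one
    output bit. Fixed rate 1/k regardless of the source bias; a trailing partial
    block is dropped."""
    if k < 1:
        raise ValueError("block size must be >= 1")
    return [sum(bits[i:i + k]) & 1 for i in range(0, len(bits) - k + 1, k)]


def bias(bits: List[int]) -> float:
    """Return |P(bit = 1) - 1/2|; 0.0 means empirically unbiased."""
    if not bits:
        raise ValueError("cannot measure bias of an empty sequence")
    return abs(sum(bits) / len(bits) - 0.5)


def piling_up_bias(delta: float, k: int) -> float:
    """Piling-up lemma: the XOR of k independent bits, each with bias delta,
    has bias 2^(k-1) * delta^k. This is the theoretical residual bias of the
    linear compressor above."""
    return 2 ** (k - 1) * delta ** k


def biased_source(n: int, p_one: float, seed: int = 1) -> List[int]:
    """Constructed i.i.d. source emitting 1 with probability p_one (seeded, so runs repeat)."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def compare(n: int = 200_000, p_one: float = 0.7, k: int = 4, seed: int = 1) -> Dict[str, float]:
    """Run both post-processors on the same biased stream and report rate and bias."""
    src = biased_source(n, p_one, seed)
    vn = von_neumann(src)
    lin = xor_compress(src, k)
    return {
        "input_bias": bias(src),
        "vn_rate": len(vn) / n,            # output bits per input bit
        "vn_bias": bias(vn),
        "lin_rate": len(lin) / n,          # exactly 1/k (up to the dropped tail)
        "lin_bias": bias(lin),
        "lin_expected_bias": piling_up_bias(p_one - 0.5, k),
    }


if __name__ == "__main__":
    for key, val in compare().items():
        print(f"{key:>18}: {val:.4f}")
```

With p = 0.7 and k = 4 the Von Neumann path keeps about 0.21 output bits per input bit and is unbiased up to sampling noise, while the XOR path keeps exactly 0.25 with a residual bias near the predicted 0.0128; raising k trades rate for bias, which is the knob the hardware designer tunes, and a smaller p_one shows the Von Neumann rate falling while the linear rate stays put.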
In this paper, we study GF-NLFSR, a Generalized Unbalanced Feistel Network (GUFN) which can be considered as an extension of the outer function FO of the KASUMI block cipher. We show that the differential and linear probabilities of any n + 1 rounds of an n-cell GF-NLFSR are both bounded by p^2, where the corresponding probability of the round function is p. Besides analyzing security against differential and linear cryptanalysis, we provide a frequency distribution for upper bounds on the true differential and linear hull probabilities. From the frequency distribution, we deduce that the proportion of input-output differences/mask values with probability bounded by p^n is close to 1, whereas only a negligible proportion has probability bounded by p^2. We also recall an n^2-round integral attack distinguisher and an (n^2 + n − 2)-round impossible differential distinguisher on the n-cell GF-NLFSR by Li et al. and Wu et al. As an application, we design a new 30-round block cipher Four-Cell+ based on a 4-cell GF-NLFSR. We prove the security of Four-Cell+ against differential, linear, and boomerang attacks. Four-Cell+ also resists existing key recovery attacks based on the 16-round integral attack distinguisher and 18-round impossible differential distinguisher. Furthermore, Four-Cell+ can be shown to be secure against other attacks such as higher order differential attack, cube attack, interpolation attack, XSL attack and slide attack.

This is a revised version of our ACISP 2009 paper [3]. We updated the analysis of integral and impossible differential attacks to include improved results of Li et al. [11] and Wu et al. [24]. We modified the design of our proposed cipher Four-Cell to Four-Cell+ by increasing the number of rounds from 25 to 30 while keeping the number of S-boxes the same at 160, so as to better protect against the improved attacks. We further generalized the proofs of our main Theorems 1 and 2. Finally, we reorganized the paper for better readability.
In this paper, we present the time-memory-data (TMD) trade-off attack on stream ciphers with filter function generators and filter combiners based on Maiorana-McFarland functions. This can be considered as a generalization of the time-memory-data trade-off attack of Mihaljevic and Imai on Toyocrypt. First, we substitute the filter function in Toyocrypt (which has the same size as the LFSR) with a general Maiorana-McFarland function. This allows us to apply the attack to a wider class of stream ciphers. Second, we highlight how the choice of different Maiorana-McFarland functions can affect the effectiveness of our attack. Third, we show that the attack can be modified to apply to filter functions which are smaller than the LFSR and to filter-combiner stream ciphers. This allows us to cryptanalyze other configurations commonly found in practice. Finally, filter functions with vector output are sometimes used in stream ciphers to improve the throughput. Therefore, the case when the Maiorana-McFarland functions have vector output is investigated. We found that the extra speed comes at the price of additional weaknesses which make the attacks easier.
In this paper, we present a framework for guess-and-determine attacks on stream ciphers that relies on guessing part of the internal state and solving for the remaining unknown cipher state based on known keystream bits. We show that this basic attack can always be extended to a Time-Memory-Data (TMD) Trade-Off attack. This allows us to easily extend any guess-and-determine attack to a guess-and-determine TMD attack, which improves the online attack at the expense of memory, pre-processing time, and data requirements. Lastly, we illustrate three applications of the attack framework.