A Simple Algorithm for Fast Correlation Attacks on Stream Ciphers

Abstract: A new simple algorithm for fast correlation attacks on stream ciphers is presented. The advantages of the new approach are at least two. Firstly, the new algorithm significantly reduces the memory requirements compared with some recent proposals [2,3]. This allows more powerful attacks than previously. Secondly, the simplicity of the algorithm allows us to derive theoretical results. We determine the relation between the number of observed symbols, the correlation probability, and the allowed computational com… Show more

“…The key-idea due to Chepyshov, Johansson and Smeets [35] is the following: when the code dimension is too large for ML-decoding, it is possible to derive from the original code a new code with smaller dimension on which ML-decoding can be applied. Obviously, a code of dimension k < is obtained from the columns of the generator matrix which vanish of the last − k positions.…”

“…The first one considers all linear combinations of w columns of the generator matrix whose ( − k) last positions lie in a given subset (the original algorithm proposed in [35] corresponds to the case where this subset is reduced to the zero vector). This refined version is very similar to the extended version of linear cryptanalysis on block ciphers based on multiple approximations [37].…”

Fast correlation attacks against stream ciphers and related open problems

“…The key-idea due to Chepyshov, Johansson and Smeets [35] is the following: when the code dimension is too large for ML-decoding, it is possible to derive from the original code a new code with smaller dimension on which ML-decoding can be applied. Obviously, a code of dimension k < is obtained from the columns of the generator matrix which vanish of the last − k positions.…”

“…The first one considers all linear combinations of w columns of the generator matrix whose ( − k) last positions lie in a given subset (the original algorithm proposed in [35] corresponds to the case where this subset is reduced to the zero vector). This refined version is very similar to the extended version of linear cryptanalysis on block ciphers based on multiple approximations [37].…”

Fast correlation attacks against stream ciphers and related open problems

“…In iterative algorithms, the parity-checks are used to modify the sequence x 0 i and to obtain a new noisyless sequence which converges towards the sequence x i [1,5]. In one-pass algorithms, the parity-checks values enable us to directly compute the correct value of a small number of LFSR output x i from the sequence (x 0 i ) i≥1 [2,3,4,5,6,7].…”

“…2, where this sum is remplaced by x i output of one only register, and the Boolean function by a BSC (binary symmetric channel), i.e. by a channel introducing noise on x i with probability 1 − p. Fast correlation attacks [1,2,3,4,5,6,7] are improvements of basic correlation attack [10] which essentially consists in mounting an hypothesis statistical test in an exhaustive key search procedure. In this article, we present a new asymptotic analysis of iterative fast correlation attacks and a new improvement of these algorithms.…”

An analysis and an improvement of iterative fast correlation attacks

“…The initial condition S (0) is loaded into the register for the CA to start operation. The next state of the CA is obtained using (4).…”

The Filter-Combiner Model for Memoryless Synchronous Stream Ciphers