2000
DOI: 10.1007/3-540-44598-6_19

Abstract. The task of a fast correlation attack is to efficiently restore the initial content of a linear feedback shift register in a stream cipher using a detected correlation with the output sequence. We show that by modeling this problem as the problem of learning a binary linear multivariate polynomial, algorithms for polynomial reconstruction with queries can be modified through some general techniques used in fast correlation attacks. The result is a new and efficient way of performing fast correlation …

Cited by 94 publications (66 citation statements)
References 19 publications

“…The attacker can thus get 10,000 linear equations in 10,000 variables, which he can easily solve by using the precomputed inverse of the coefficient matrix. This stream cipher can thus be broken in less than $2^{30}$ bit operations, even though it could not be attacked by any previous technique, including correlation attacks or the analysis of low Hamming weight LFSR modifications (see for instance [11], [12], [13], [14], [15], and [16]). …”
Section: Applications To Block Ciphers | Citation type: mentioning
confidence: 99%
“…Some improvements of the previous algorithm are presented in [36]. The first one considers all linear combinations of w columns of the generator matrix whose ( − k) last positions lie in a given subset (the original algorithm proposed in [35] corresponds to the case where this subset is reduced to the zero vector).…”
Section: General Decoding Algorithms | Citation type: mentioning
confidence: 99%
“…In iterative algorithms, the parity-checks are used to modify the sequence $x_i^0$ and to obtain a new noisyless sequence which converges towards the sequence $x_i$ [1,5]. In one-pass algorithms, the parity-checks values enable us to directly compute the correct value of a small number of LFSR output $x_i$ from the sequence $(x_i^0)_{i \ge 1}$ [2,3,4,5,6,7].…”
Section: Fast Correlation Attacks | Citation type: mentioning
confidence: 99%
“…2, where this sum is replaced by $x_i$ output of one only register, and the Boolean function by a BSC (binary symmetric channel), i.e. by a channel introducing noise on $x_i$ with probability $1 - p$. Fast correlation attacks [1,2,3,4,5,6,7] are improvements of basic correlation attack [10] which essentially consists in mounting an hypothesis statistical test in an exhaustive key search procedure. In this article, we present a new asymptotic analysis of iterative fast correlation attacks and a new improvement of these algorithms.…”
Section: Introduction | Citation type: mentioning
confidence: 99%