Improved Fast Correlation Attacks on Stream Ciphers via Convolutional Codes

Johansson, Thomas; Jönsson, Fredrik

doi:10.1007/3-540-48910-x_24

Cited by 109 publications

(101 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In stream ciphers applications, when f is used in a pseudo-random generator as a combining function or as a filtering function, the existence of a "good" approximation of f by an affine function makes fast correlation attacks feasible [17,13,12]. Similarly, if f is used in a block cipher as an S-box component, this would lead to successful linear attacks [15].…”

Section: Cryptographic Criteria For Boolean Functionsmentioning

confidence: 99%

Propagation Characteristics and Correlation-Immunity of Highly Nonlinear Boolean Functions

Canteaut

Carlet

Charpin

et al. 2000

Advances in Cryptology — EUROCRYPT 2000

View full text Add to dashboard Cite

Abstract. We investigate the link between the nonlinearity of a Boolean function and its propagation characteristics. We prove that highly nonlinear functions usually have good propagation properties regarding different criteria. Conversely, any Boolean function satisfying the propagation criterion with respect to a linear subspace of codimension 1 or 2 has a high nonlinearity. We also point out that most highly nonlinear functions with a three-valued Walsh spectrum can be transformed into 1-resilient functions.

show abstract

Section: Cryptographic Criteria For Boolean Functionsmentioning

confidence: 99%

Propagation Characteristics and Correlation-Immunity of Highly Nonlinear Boolean Functions

Canteaut

Carlet

Charpin

et al. 2000

Advances in Cryptology — EUROCRYPT 2000

View full text Add to dashboard Cite

show abstract

“…To this end, the so-called parity checks with memory [10] (also see [7]) or the parity checks sharing a given number of bits in common [14] may be utilized. In conclusion, the second stage of the basic fast correlation attack on the shrinking generator may be successful for a large class of LFSR 1 feedback polynomials.…”

Section: Basic Attack On Lfsrmentioning

confidence: 99%

“…It is known that the complexity of such an algorithm primarily depends on the degrees and numbers of low-weight polynomial multiples of the feedback polynomial of LFSR 1 which, according to [10], [7], and [14], may also contain an additional number of concentrated nonzero terms. The initial state of LFSR 1 can thus be recovered.…”

Section: Introductionmentioning

confidence: 99%

Correlation Analysis of the Shrinking Generator

Golić¹

2001

Advances in Cryptology — CRYPTO 2001

View full text Add to dashboard Cite

Abstract. The shrinking generator is a well-known keystream generator composed of two linear feedback shift registers, LFSR1 and LFSR2, where LFSR1 is clock-controlled according to regularly clocked LFSR2. A probabilistic analysis of the shrinking generator which shows that this generator can be vulnerable to a specific fast correlation attack is conducted. The first stage of the attack is based on a recursive computation of the posterior probabilites of individual bits of the regularly clocked LFSR1 sequence when conditioned on a given segment of the keystream sequence. Theoretical analysis shows that these probabilities are significantly different from one half and can hence be used for reconstructing the initial state of LFSR1 by iterative probabilistic decoding algorithms for fast correlation attacks on regularly clocked LFSR's. In the second stage of the attack, the initial state of LFSR2 is reconstructed in a similar way, which is based on a recursive computation of the posterior probabilites of individual bits of the LFSR2 sequence when conditioned on the keystream sequence and on the reconstructed LFSR1 sequence.

show abstract

“…The other very important aspect is that the designs are often secret and contrary to block ciphers, generally no public evaluation is possible. Although such stream ciphers may be vulnerable to some attacks [11,7,6], cryptanalysis becomes much harder when the algorithm is unknown. During World War II, US cryptanalysts had to face this problem with the Japanese PURPLE machine [8]: they reconstructed it before cryptanalysing it.…”

Section: Introductionmentioning

confidence: 99%

“…By algebraic and statistical results, all the cryptographic primitives constituting the system (the LFSR characteristics and the combining function) can be recovered. After this reconstruction step, the LFSR initializations can be found by classical correlation attacks [11,7,6,1].…”

Section: Introductionmentioning

confidence: 99%

Ciphertext only Reconstruction of Stream Ciphers Based on Combination Generators

Canteaut

Filiol

2001

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. This paper presents an operational reconstruction technique of most stream ciphers. We primarily expose it for key-stream generators which consist of several linear feedback shift registers combined by a nonlinear Boolean function. It is shown how to completely recover the different feedback polynomials and the combining function, when the algorithm is totally unknown. This attack only requires the knowledge of some ciphertexts, which may be generated from different secret keys. Estimates of necessary ciphertext length and experimental results are detailed.

show abstract

Improved Fast Correlation Attacks on Stream Ciphers via Convolutional Codes

Cited by 109 publications

References 13 publications

Propagation Characteristics and Correlation-Immunity of Highly Nonlinear Boolean Functions

Propagation Characteristics and Correlation-Immunity of Highly Nonlinear Boolean Functions

Correlation Analysis of the Shrinking Generator

Ciphertext only Reconstruction of Stream Ciphers Based on Combination Generators

Contact Info

Product

Resources

About