Improving Fast Algebraic Attacks

Armknecht, Frederik

doi:10.1007/978-3-540-25937-4_5

Cited by 127 publications

(93 citation statements)

References 20 publications

(20 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Then, an additional precomputation step consists in determining the linear combinations of the previous relations which cancel out the highest degree monomials. Some algorithms for this step have been proposed in [7,2]. This technique helps to decrease the degree of the relations used in the attack for different practical examples.…”

Section: Resistance To Fast Algebraic Attacksmentioning

confidence: 99%

Open Problems Related to Algebraic Attacks on Stream Ciphers

Canteaut

2006

Coding and Cryptography

View full text Add to dashboard Cite

The recently developed algebraic attacks apply to all keystream generators whose internal state is updated by a linear transition function, including LFSR-based generators. Here, we describe this type of attacks and we present some open problems related to its complexity. We also investigate the design criteria which may guarantee a high resistance to algebraic attacks for a keystream generator based on a linear transition function.

show abstract

Section: Resistance To Fast Algebraic Attacksmentioning

confidence: 99%

Open Problems Related to Algebraic Attacks on Stream Ciphers

Canteaut

2006

Coding and Cryptography

View full text Add to dashboard Cite

show abstract

“…how about the linear dependency of these linear equations? Fortunately, from the initial state (a 0 , a 2 …”

Section: The Guess-and-determine Algorithmmentioning

confidence: 99%

“…) T corresponding to the bits selected in (a 1 , a 3 , · · · , a 2l−1 ) according to the pattern of (a 0 , a 2 , · · · , a 2(l−1) ) can be regarded as random vectors over GF (2) L . Thus, this holds also for the truncated versions of g i over GF (2) L−l which form the coefficient matrix on the remaining L − l unknown bits.…”

Section: The Guess-and-determine Algorithmmentioning

confidence: 99%

“…Although many LFSR based stream ciphers are found vulnerable to (fast) correlation attacks [4,5,[14][15][16][23][24][25] and algebraic attacks [1,2,8,9], the selfshrinking generator has shown remarkable resistance against such cryptanalysis. For a length L LFSR, the previously known best concrete attack is the BDD attack in [18], which has time complexity O(2 0.656L ) at the expense of O(2 0.656L ) memory from 2.41 · L bits keystream.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

New Guess-and-Determine Attack on the Self-Shrinking Generator

Zhang

Feng

2006

Advances in Cryptology – ASIACRYPT 2006

View full text Add to dashboard Cite

Abstract. We propose a new type of guess-and-determine attack on the self-shrinking generator (SSG). The inherent flexibility of the new attack enables us to deal with different attack conditions and requirements smoothly. For the SSG with a length L LFSR of arbitrary form, our attack can reliably restore the initial state with time complexity. Therefore, our attack is better than all the previously known attacks on the SSG and especially, it compares favorably with the time/memory/data tradeoff attack which typically has time complexity O(2 0.5L ), memory complexity O(2 0.5L ) and data complexity O(2 0.25L )-bit keystream after a pre-computation phase of complexity O(2 0.75L ). It is well-known that one of the open research problems in stream ciphers specified by the European STORK (Strategic Roadmap for Crypto) project is to find an attack on the self-shrinking generator with complexity lower than that of a generic time/memory/data tradeoff attack. Our result is the best answer to this problem known so far.

show abstract

“…The collection can be used by the designers to create new stream ciphers whose security can be tested using the developed cryptographic attacks. The most effective tests for stream cipher include the correlation and fast correlation attacks [22,13,25,7] and the algebraic and fast algebraic attacks [6,8,1,16].…”

Section: Introductionmentioning

confidence: 99%

Security analysis of linearly filtered NLFSRs

Orumiehchiha

Pieprzyk

Steinfeld

et al. 2013

Journal of Mathematical Cryptology

View full text Add to dashboard Cite

Abstract. Our contributions are applying distinguishing attack on Linearly Filtered NLFSR as a primitive or associated with filter generators. We extend the attack on linear combinations of Linearly Filtered NLFSRs as well. Generally, these structures can be examined by the proposed techniques and the criteria will be achieved to design secure primitive. The attacks allow attacker to mount linear attack to distinguish the output of the cipher and recover its internal state. Also, we investigate security of the modified version of Grain stream cipher to present how invulnerable is the scheme against distinguishing attacks.

show abstract

Improving Fast Algebraic Attacks

Cited by 127 publications

References 20 publications

Open Problems Related to Algebraic Attacks on Stream Ciphers

Open Problems Related to Algebraic Attacks on Stream Ciphers

New Guess-and-Determine Attack on the Self-Shrinking Generator

Security analysis of linearly filtered NLFSRs

Contact Info

Product

Resources

About