3,520 research outputs found
Algebraic Attack on the Alternating Step(r,s)Generator
The Alternating Step(r,s) Generator, ASG(r,s), is a clock-controlled sequence
generator which is recently proposed by A. Kanso. It consists of three
registers of length l, m and n bits. The first register controls the clocking
of the two others. The two other registers are clocked r times (or not clocked)
(resp. s times or not clocked) depending on the clock-control bit in the first
register. The special case r=s=1 is the original and well known Alternating
Step Generator. Kanso claims there is no efficient attack against the ASG(r,s)
since r and s are kept secret. In this paper, we present an Alternating Step
Generator, ASG, model for the ASG(r,s) and also we present a new and efficient
algebraic attack on ASG(r,s) using 3(m+n) bits of the output sequence to find
the secret key with O((m^2+n^2)*2^{l+1}+ (2^{m-1})*m^3 + (2^{n-1})*n^3)
computational complexity. We show that this system is no more secure than the
original ASG, in contrast to the claim of the ASG(r,s)'s constructor.Comment: 5 pages, 2 figures, 2 tables, 2010 IEEE International Symposium on
Information Theory (ISIT2010),June 13-18, 2010, Austin, Texa
A Simple Attack on Some Clock-Controlled Generators
We present a new approach to edit distance attacks on certain
clock-controlled generators, which applies basic concepts of Graph Theory to
simplify the search trees of the original attacks in such a way that only the
most promising branches are analyzed. In particular, the proposed improvement
is based on cut sets defined on some graphs so that certain shortest paths
provide the edit distances. The strongest aspects of the proposal are that the
obtained results from the attack are absolutely deterministic, and that many
inconsistent initial states of the target registers are recognized beforehand
and avoided during search
On the Design and Analysis of Stream Ciphers
This thesis presents new cryptanalysis results for several different stream cipher constructions. In addition, it also presents two new stream ciphers, both based on the same design principle. The first attack is a general attack targeting a nonlinear combiner. A new class of weak feedback polynomials for linear feedback shift registers is identified. By taking samples corresponding to the linear recurrence relation, it is shown that if the feedback polynomial has taps close together an adversary to take advantage of this by considering the samples in a vector form. Next, the self-shrinking generator and the bit-search generator are analyzed. Both designs are based on irregular decimation. For the self-shrinking generator, it is shown how to recover the internal state knowing only a few keystream bits. The complexity of the attack is similar to the previously best known but uses a negligible amount of memory. An attack requiring a large keystream segment is also presented. It is shown to be asymptotically better than all previously known attacks. For the bit-search generator, an algorithm that recovers the internal state is given as well as a distinguishing attack that can be very efficient if the feedback polynomial is not carefully chosen. Following this, two recently proposed stream cipher designs, Pomaranch and Achterbahn, are analyzed. Both stream ciphers are designed with small hardware complexity in mind. For Pomaranch Version 2, based on an improvement of previous analysis of the design idea, a key recovery attack is given. Also, for all three versions of Pomaranch, a distinguishing attack is given. For Achterbahn, it is shown how to recover the key of the latest version, known as Achterbahn-128/80. The last part of the thesis introduces two new stream cipher designs, namely Grain and Grain-128. The ciphers are designed to be very small in hardware. They also have the distinguishing feature of allowing users to increase the speed of the ciphers by adding extra hardware
MV3: A new word based stream cipher using rapid mixing and revolving buffers
MV3 is a new word based stream cipher for encrypting long streams of data. A
direct adaptation of a byte based cipher such as RC4 into a 32- or 64-bit word
version will obviously need vast amounts of memory. This scaling issue
necessitates a look for new components and principles, as well as mathematical
analysis to justify their use. Our approach, like RC4's, is based on rapidly
mixing random walks on directed graphs (that is, walks which reach a random
state quickly, from any starting point). We begin with some well understood
walks, and then introduce nonlinearity in their steps in order to improve
security and show long term statistical correlations are negligible. To
minimize the short term correlations, as well as to deter attacks using
equations involving successive outputs, we provide a method for sequencing the
outputs derived from the walk using three revolving buffers. The cipher is fast
-- it runs at a speed of less than 5 cycles per byte on a Pentium IV processor.
A word based cipher needs to output more bits per step, which exposes more
correlations for attacks. Moreover we seek simplicity of construction and
transparent analysis. To meet these requirements, we use a larger state and
claim security corresponding to only a fraction of it. Our design is for an
adequately secure word-based cipher; our very preliminary estimate puts the
security close to exhaustive search for keys of size < 256 bits.Comment: 27 pages, shortened version will appear in "Topics in Cryptology -
CT-RSA 2007
- …