Algebraic Attack on the Alternating Step(r,s)Generator

The Alternating Step(r,s) Generator, ASG(r,s), is a clock-controlled sequence generator which is recently proposed by A. Kanso. It consists of three registers of length l, m and n bits. The first register controls the clocking of the two others. The two other registers are clocked r times (or not clocked) (resp. s times or not clocked) depending on the clock-control bit in the first register. The special case r=s=1 is the original and well known Alternating Step Generator. Kanso claims there is no efficient attack against the ASG(r,s) since r and s are kept secret. In this paper, we present an Alternating Step Generator, ASG, model for the ASG(r,s) and also we present a new and efficient algebraic attack on ASG(r,s) using 3(m+n) bits of the output sequence to find the secret key with O((m^2+n^2)*2^{l+1}+ (2^{m-1})*m^3 + (2^{n-1})*n^3) computational complexity. We show that this system is no more secure than the original ASG, in contrast to the claim of the ASG(r,s)'s constructor.Comment: 5 pages, 2 figures, 2 tables, 2010 IEEE International Symposium on Information Theory (ISIT2010),June 13-18, 2010, Austin, Texa

Investigations in the design and analysis of key-stream generators

iv+113hlm.;24c

Performance Analysis Of Secured Synchronous Stream Ciphers

The new information and communication technologies require adequate security. In the past decades ,we have witnessed an explosive growth of the digital storage and communication of data ,triggered by some important breakthroughs such as the Internet and the expansive growth of wireless communications. In the world of cryptography ,stream ciphers are known as primitives used to ensure privacy over communication channel and these are widely used for fast encryption of sensitive data. Lots of old stream ciphers that have been formerly used no longer be considered secure ,because of their vulnerability to newly developed cryptanalysis techniques. Many designs stream ciphers have been proposed in an effort to find a proper candidate to be chosen as world standard for data encryption. From these designs, the stream ciphers which are Trivium,Edon80 and Mickey are implemented in ‘c’ language with out affecting their security .Actually these algorithms are particularly suited for hardware oriented environments which provides considerable security and efficiency aspects. We will be targeting hardware applications, and good measure for efficiency of a stream cipher in this environment is the number of key stream bits generated per cycle per gate. For good efficiency we are approaching two ways .One approach is minimizing the number of gates.The other approach is to dramatically increase the number of bits for cycle. This allows reducing the clock frequency at the cost of an increased gate count. Apart from the implementation the analysis which includes the security of these algorithms against some attacks related to stream ciphers such as guess and deterministic attacks, correlation attacks, divide and conquer attacks and algebraic attacks are presented

Improved algebraic cryptanalysis of QUAD, Bivium and Trivium via graph partitioning on equation systems

We present a novel approach for preprocessing systems of polynomial equations via graph partitioning. The variable-sharing graph of a system of polynomial equations is defined. If such graph is disconnected, then the corresponding system of equations can be split into smaller ones that can be solved individually. This can provide a tremendous speed-up in computing the solution to the system, but is unlikely to occur either randomly or in applications. However, by deleting certain vertices on the graph, the variable-sharing graph could be disconnected in a balanced fashion, and in turn the system of polynomial equations would be separated into smaller systems of near-equal sizes. In graph theory terms, this process is equivalent to finding balanced vertex partitions with minimum-weight vertex separators. The techniques of finding these vertex partitions are discussed, and experiments are performed to evaluate its practicality for general graphs and systems of polynomial equations. Applications of this approach in algebraic cryptanalysis on symmetric ciphers are presented: For the QUAD family of stream ciphers, we show how a malicious party can manufacture conforming systems that can be easily broken. For the stream ciphers Bivium and Trivium, we nachieve significant speedups in algebraic attacks against them, mainly in a partial key guess scenario. In each of these cases, the systems of polynomial equations involved are well-suited to our graph partitioning method. These results may open a new avenue for evaluating the security of symmetric ciphers against algebraic attacks

Some Results on Distinguishing Attacks on Stream Ciphers

Stream ciphers are cryptographic primitives that are used to ensure the privacy of a message that is sent over a digital communication channel. In this thesis we will present new cryptanalytic results for several stream ciphers. The thesis provides a general introduction to cryptology, explains the basic concepts, gives an overview of various cryptographic primitives and discusses a number of different attack models. The first new attack given is a linear correlation attack in the form of a distinguishing attack. In this attack a specific class of weak feedback polynomials for LFSRs is identified. If the feedback polynomial is of a particular form the attack will be efficient. Two new distinguishing attacks are given on classical stream cipher constructions, namely the filter generator and the irregularly clocked filter generator. It is also demonstrated how these attacks can be applied to modern constructions. A key recovery attack is described for LILI-128 and a distinguishing attack for LILI-II is given. The European network of excellence, called eSTREAM, is an effort to find new efficient and secure stream ciphers. We analyze a number of the eSTREAM candidates. Firstly, distinguishing attacks are described for the candidate Dragon and a family of candidates called Pomaranch. Secondly, we describe resynchronization attacks on eSTREAM candidates. A general square root resynchronization attack which can be used to recover parts of a message is given. The attack is demonstrated on the candidates LEX and Pomaranch. A chosen IV distinguishing attack is then presented which can be used to evaluate the initialization procedure of stream ciphers. The technique is demonstrated on four candidates: Grain, Trivium, Decim and LEX