Finding low-weight polynomial multiples using discrete logarithm
Finding low-weight multiples of a binary polynomial is a difficult problem
arising in the context of stream cipher cryptanalysis. The classical algorithm
for solving this problem is based on a time-memory trade-off. We present an
improvement to this approach that uses discrete logarithms rather than a direct
representation of the polynomials involved. This gives an algorithm which
improves the theoretical complexity and is also very flexible in practice.
Attacking the combination generator
We present one of the most efficient attacks against the combination
generator. This attack is inherent to the system, as its only assumption is
that the filtering function has good autocorrelation. This is usually the
case if the system is designed to resist other kinds of attacks. We use only
classical tools, namely vectorial correlation, weight-4 multiples and the
Walsh transform.
Algebraic Attack on the Alternating Step (r,s) Generator
The Alternating Step (r,s) Generator, ASG(r,s), is a clock-controlled sequence
generator recently proposed by A. Kanso. It consists of three registers of
length l, m and n bits. The first register controls the clocking of the other
two. The second register is clocked r times (or not clocked) and the third
register s times (or not clocked), depending on the clock-control bit in the
first register. The special case r=s=1 is the original and well-known
Alternating Step Generator. Kanso claims there is no efficient attack against
the ASG(r,s) since r and s are kept secret. In this paper, we present an
Alternating Step Generator (ASG) model for the ASG(r,s), and we also present a
new and efficient algebraic attack on ASG(r,s) that uses 3(m+n) bits of the
output sequence to find the secret key with
O((m^2+n^2)*2^{l+1} + (2^{m-1})*m^3 + (2^{n-1})*n^3) computational complexity.
We show that this system is no more secure than the original ASG, in contrast
to the claim of the ASG(r,s)'s designer.
Comment: 5 pages, 2 figures, 2 tables, 2010 IEEE International Symposium on
Information Theory (ISIT 2010), June 13-18, 2010, Austin, Texas
Algorithm for identifying the type of scrambling applied to binary data
The article describes an algorithm that determines the scrambler type from the signal at its output. A task of this kind is relevant for radio monitoring systems and for building cognitive systems for receiving and processing digital signals. The identification algorithm determines whether the scrambler is multiplicative or additive. There are no published papers providing an algorithm for automatic determination of the scrambler type; this article is intended to partly fill that gap. It provides a formal statement of the problem, an identification algorithm and simulation results.
The problem of determining the type of scrambler used on the transmitting side, based on the signal at its output, is considered. A problem of this kind is relevant for radio monitoring systems and for building cognitive systems for receiving and processing digital signals. Technical solutions are known that identify the structure of both additive and multiplicative scramblers [1]-[4]. However, there are no publications that present an algorithm for automatically determining the scrambler type. The present article is intended to partly fill this gap. An algorithm that solves the stated problem is given, together with the results of its simulation.
A New Version of Grain-128 with Authentication
A new version of the stream cipher Grain-128 is proposed. The new version, Grain-128a, is strengthened against all known attacks and observations on the original Grain-128, and has built-in support for authentication. The changes are modest, keeping the basic structure of Grain-128. This gives high confidence in Grain-128a and allows for easy updating of existing implementations.
The Conditional Correlation Attack: A Practical Attack on Bluetooth Encryption
Motivated by the security of the nonlinear filter generator, the concept of correlation was previously extended to the conditional correlation, which studies the linear correlation of the inputs conditioned on a given (short) output pattern of some specific nonlinear function. Based on conditional correlations, conditional correlation attacks were shown to be successful and efficient against the nonlinear filter generator. In this paper, we further generalize the concept of conditional correlation by giving it a different meaning, namely the correlation of the output of an arbitrary function conditioned on the unknown (partial) input, which is uniformly distributed. Based on this generalized conditional correlation, a general statistical model is studied for dedicated key-recovery distinguishers. It is shown that the generalized conditional correlation is no smaller than the unconditional correlation. Consequently, our distinguisher improves on the traditional one (in the worst case it degrades into the traditional one). In particular, the distinguisher may succeed even if no ordinary correlation exists. As an application, a conditional correlation attack is developed and optimized against Bluetooth two-level E0. The attack is based on a recently detected flaw in the resynchronization of E0, as well as on the investigation of conditional correlations in the Finite State Machine (FSM) governing the keystream output of E0. Our best attack finds the original encryption key for two-level E0 using the first 24 bits of 2^23.8 frames and with 2^38 computations. This is clearly the fastest, and the only practical, known-plaintext attack on Bluetooth encryption compared with all existing attacks. Current experiments confirm our analysis.
Cryptanalysis of LFSR-based Pseudorandom Generators - a Survey
Pseudorandom generators based on linear feedback shift registers (LFSRs) are a traditional building block for cryptographic stream ciphers. In this report, we review the general idea behind such generators, as well as the most important techniques of cryptanalysis.
Improved Fast Correlation Attack Using Low Rate Codes
In this paper we present a new and improved correlation attack based on maximum likelihood (ML) decoding. Previously, the code rate used for decoding has typically been around r = 1/2^14. Our algorithm has low computational complexity and is able to use code rates around r = 1/2^33. This way we get much more information about the key bits. Furthermore, the run time for a successful attack is reduced significantly and we need fewer keystream bits.