5 research outputs found

    The Efficiency of Optimal Sampling in the Random S-box Model

    In this paper we show a closed-form formula for the efficiency of the optimal sampling technique in the random S-box model. This formula is derived by analyzing the given model and sampling technique using statistical techniques. We further generalize the original random S-box model in two ways: allowing multiple-bit entries, and XOR of several random S-box outputs. For all cases we show the corresponding closed-form efficiency formula. Using these new formulas, it is now possible to instantaneously give accurate analytical estimates of the output quality of random S-boxes. This can be of great practical importance in, for example, the analysis and design of cryptographic primitives based on such building blocks.

    Another look at weak feedback polynomials in the nonlinear combiner

    Feedback polynomials with low-degree multiples of low weight should be avoided in linear feedback shift registers when used in nonlinear combiners. We consider another class of weak feedback polynomials, namely the class where taps are located in small groups. This class was introduced in 2004, demonstrating that the resulting distinguishing attack can sometimes be better than the one using low-weight multiples. In this paper we take another look at these polynomials and give further insight into the theory behind the attack complexity. Using the Walsh transform we show an easy way to determine the attack complexity given a polynomial. Further, we show that the size of the vectors should sometimes be larger than previously known. We also give a simple relation showing when the new attack will outperform the simple attack based on low-weight multiples.

    An overview of distinguishing attacks on stream ciphers

    This paper overviews the basic theory of distinguishing attacks on stream ciphers. It illustrates the underlying ideas and common techniques without going into too many details on each topic. Some new approaches in distinguishing attacks are also included.

    Improved Distinguishers on Stream Ciphers with Certain Weak Feedback Polynomials

    It is well known that fast correlation attacks can be very efficient if the feedback polynomial is of low weight. These feedback polynomials can be considered weak in the context of stream ciphers. This paper generalizes the class of weak feedback polynomials to polynomials where taps are located in several groups, possibly far apart. Low-weight feedback polynomials are thus a special case of this class. For the general class it is shown that attacks can sometimes be very efficient even though the polynomials are of large weight. The main idea is to consider vectors of noise variables. It is shown how the complexity of a distinguishing attack can be efficiently computed and that the complexity is closely related to the minimum row distance of a generator matrix for a convolutional code. Moreover, theoretical results on the size of the vectors are given.