    Extended windmill polynomials

    We present a generalization of a class of characteristic polynomials used for linear feedback shift registers (LFSRs). In previous works, several restrictions have been demonstrated for the windmill polynomials. Most notably, no irreducible windmill polynomial was found for a degree d ≡ 3 (mod 8). We show how to modify the original definition to overcome those restrictions. We also assess the security of our extended windmill generator in the case of a filtered LFSR. This paper concerns LFSRs, but the construction can be extended to any kind of shift register, including feedback with carry shift registers (FCSRs) and non-linear feedback shift registers (NLFSRs). We also establish the number of extended windmill polynomials for v = 4, 8, 16, 32 and 64 vanes up to degree 160.
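As an added illustration (not code from the paper), here is how a practitioner checks the property the abstract singles out, irreducibility over GF(2), and why it matters for an LFSR: a reducible characteristic polynomial gives state-dependent periods that all fall short of 2^d - 1, an irreducible but non-primitive one gives a period equal to the order of the polynomial, and only a primitive one reaches 2^d - 1. The polynomials below are small textbook examples, not windmill polynomials, and the Fibonacci LFSR convention is an assumption of this example.

```python
"""GF(2) polynomial irreducibility (Rabin's test) and the LFSR period it
controls.  Added illustration; the polynomials used in the tests are small
textbook examples, not windmill polynomials from the paper."""
from typing import List


def gf2_mod(a: int, f: int) -> int:
    """Remainder of polynomial a modulo f; polynomials are bit masks (bit i = x^i)."""
    df = f.bit_length() - 1
    while a and a.bit_length() - 1 >= df:
        a ^= f << (a.bit_length() - 1 - df)
    return a


def gf2_mulmod(a: int, b: int, f: int) -> int:
    """a*b mod f for a, b already reduced modulo f (shift-and-add with reduction)."""
    n = f.bit_length() - 1
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> n) & 1:
            a ^= f
    return r


def gf2_gcd(a: int, b: int) -> int:
    """Euclid's algorithm on GF(2) polynomials."""
    while b:
        a, b = b, gf2_mod(a, b)
    return a


def prime_factors(n: int) -> List[int]:
    out, p = [], 2
    while p * p <= n:
        if n % p == 0:
            out.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        out.append(n)
    return out


def is_irreducible(f: int) -> bool:
    """Rabin's test: f of degree n is irreducible over GF(2) iff
    x^(2^n) = x mod f and gcd(x^(2^(n/p)) - x, f) = 1 for every prime p | n."""
    n = f.bit_length() - 1
    if n < 1:
        return False
    x = gf2_mod(2, f)

    def x_to_2k(k: int) -> int:  # x^(2^k) mod f by k successive squarings
        r = x
        for _ in range(k):
            r = gf2_mulmod(r, r, f)
        return r

    if x_to_2k(n) != x:
        return False
    return all(gf2_gcd(x_to_2k(n // p) ^ x, f) == 1 for p in prime_factors(n))


def lfsr_period(f: int, state: int = 1) -> int:
    """Period of the Fibonacci LFSR with characteristic polynomial f from a
    nonzero state: s_{t+n} = XOR of s_{t+i} over the 1-bits c_i of f below x^n."""
    n = f.bit_length() - 1
    taps = f & ((1 << n) - 1)
    s, steps = state, 0
    while True:
        new = bin(s & taps).count("1") & 1
        s = (s >> 1) | (new << (n - 1))
        steps += 1
        if s == state:
            return steps
```

With x^4 + x + 1 (primitive) the register runs through all 15 nonzero states; x^4 + x^3 + x^2 + x + 1 is irreducible but only of order 5, so its period is 5; x^4 + x^2 + 1 = (x^2 + x + 1)^2 fails Rabin's test outright, which is the kind of check the degree restriction in the abstract is about.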

    F-FCSR stream ciphers


    Preventing weaknesses on F-FCSR in IV mode and tradeoff attack on F-FCSR 8

    E. Jaulmes and F. Muller have described some attacks on the F-FCSR-8 and F-FCSR-H algorithms [1]. These attacks pointed out three weaknesses in the algorithms. The first one is a bottleneck effect due to a serious mistake in our design; it can be repaired by removing a single line of code from the F-FCSR-8 algorithm. The second weakness lies in the diffusion of the IV, which is poor for both algorithms because the Key+IV setup procedure is too simple. The last weakness is that F-FCSR-8 is vulnerable to a TMD (time-memory-data) tradeoff attack, which exploits the fact that the number of possible values of each subfilter is relatively small. In this paper, we repair all the weaknesses that were pointed out. We propose a better Key+IV setup procedure that suppresses the bottleneck and gives a good diffusion of the IV. To thwart the TMD tradeoff attack on F-FCSR-8, we had to increase the size of the main register to 256 bits, but we can now extract two pseudorandom bytes at each transition of the automaton instead of one, so performance remains at least as good as before.

    1 Repairing F-FCSR-H: a better Key+IV setup procedure

    As in the original version, we put the key and IV bits in the main register, but we then collect the first twenty bytes output by the automaton and feed them back to the main register. We then wait enough transitions of the automaton, as in the original version, before using the pseudorandom stream.

    Description of the new procedure "Key+IV Setup"

    1. The main register M is initialized with the key and the IV: M := K + 2^80 · IV, i.e. M = (IV ‖ K).

    Description of F-FCSR-8 and F-FCSR-H stream ciphers

    Our filtered FCSR stream ciphers are based on a very simple mechanism: the output is obtained by filtering the internal state of an FCSR automaton with linear Boolean functions. A full description of the method is given in Section 1. More extensive documentation can be found in the enclosed references [1, 2, 3].
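The two F-FCSR entries above describe the same mechanism from two sides: a Galois-mode FCSR automaton whose state is read through linear Boolean filters, and a Key+IV setup that loads M := K + 2^80 · IV, collects the first output bytes, feeds them back and then waits. The following added example (not the authors' code) implements a toy of both. Its connection integer, register size, filter, key/IV sizes, the exact feedback rule and the warm-up count are all assumptions of the example, not F-FCSR-H or F-FCSR-8 parameters. It also shows the 2-adic fact behind the automaton: the feedback-bit sequence is the 2-adic expansion of (M + 2C)/q, so its eventual period is the order of 2 modulo |q|, and an IV loaded at bit position k cannot influence the first k feedback bits, which is why a plain load needs mixing before output.

```python
"""Toy Galois-mode FCSR with a linear output filter and a Key+IV loading
procedure shaped like the one described above.  Added illustration: the
connection integer, register size, filter and warm-up count are assumptions,
not the F-FCSR-H or F-FCSR-8 parameters."""
from typing import List


class GaloisFCSR:
    """Galois FCSR with connection integer q = 1 - 2d (q negative and odd).

    The main register has n = bitlen(d) cells and a carry cell sits at each
    position i < n-1 with d_i = 1.  Per step: m_i + 2c_i <- m_{i+1} + c_i + d_i*m_0
    and m_{n-1} <- m_0, so p = M + 2C evolves as p <- (p - m_0*q)/2, i.e. the
    feedback bits are the 2-adic expansion of p/q.
    """

    def __init__(self, q: int, main: int, carries: int = 0) -> None:
        if q >= 0 or not q & 1:
            raise ValueError("q must be a negative odd integer")
        self.q = q
        self.d = (1 - q) // 2
        self.n = self.d.bit_length()
        self.carry_mask = self.d & ~(1 << (self.n - 1))
        self.m = main & ((1 << self.n) - 1)
        self.c = carries & self.carry_mask

    def clock(self) -> int:
        """Advance one transition; return the feedback bit m_0 of the old state."""
        b = self.m & 1
        new_m, new_c = 0, 0
        for i in range(self.n - 1):
            m_next = (self.m >> (i + 1)) & 1
            if (self.carry_mask >> i) & 1:
                s = m_next + ((self.c >> i) & 1) + b   # full adder with carry
                new_m |= (s & 1) << i
                new_c |= (s >> 1) << i
            else:
                new_m |= m_next << i
        new_m |= b << (self.n - 1)                    # d_{n-1} = 1 by construction
        self.m, self.c = new_m, new_c
        return b

    def filtered_bit(self, filt: int) -> int:
        """Linear Boolean filter: XOR of the main-register cells selected by filt."""
        return bin(self.m & filt).count("1") & 1


def raw_bits(q: int, main: int, count: int) -> List[int]:
    """Unfiltered feedback bits: the 2-adic expansion of main/q (carries cleared)."""
    reg = GaloisFCSR(q, main)
    return [reg.clock() for _ in range(count)]


def eventual_period(bits: List[int], transient: int) -> int:
    """Smallest period of the sequence once the first `transient` bits are dropped."""
    tail = bits[transient:]
    for p in range(1, len(tail) // 2):
        if all(tail[t] == tail[t + p] for t in range(len(tail) - p)):
            return p
    return 0


def order_of_two(modulus: int) -> int:
    """Multiplicative order of 2 modulo an odd modulus (brute force)."""
    k, x = 1, 2 % modulus
    while x != 1:
        x, k = (2 * x) % modulus, k + 1
    return k


# Toy parameters (assumptions): |q| = 65521 is prime, giving n = 15 cells with
# carries at positions 0 and 3..13; the filter is taken to be the bits of d.
TOY_Q = -65521
TOY_FILTER = (1 - TOY_Q) // 2
KEY_BITS = 8          # 8-bit key and 7-bit IV for the toy: M := K + 2^8 * IV


def key_iv_setup(key: int, iv: int, q: int = TOY_Q, filt: int = TOY_FILTER) -> GaloisFCSR:
    """Load M := K + 2^KEY_BITS * IV with C := 0, collect the first ceil(n/8)
    filtered output bytes, feed them back as the new main register (C := 0),
    then discard n + 2 warm-up transitions (both the feedback rule and the
    warm-up count are assumptions of this toy)."""
    reg = GaloisFCSR(q, key + (iv << KEY_BITS))
    fed_back = 0
    for i in range(8 * ((reg.n + 7) // 8)):
        fed_back |= reg.filtered_bit(filt) << i
        reg.clock()
    reg = GaloisFCSR(q, fed_back)
    for _ in range(reg.n + 2):
        reg.clock()
    return reg


def keystream(key: int, iv: int, nbytes: int) -> bytes:
    """Filtered keystream after the setup above, one output bit per transition."""
    reg = key_iv_setup(key, iv)
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for i in range(8):
            byte |= reg.filtered_bit(TOY_FILTER) << i
            reg.clock()
        out.append(byte)
    return bytes(out)
```

Running `raw_bits(-19, 1, 200)` gives a sequence of period 18 = ord_19(2), and two registers loaded with the same 8-bit key but IVs differing in their low bit agree on their first eight feedback bits and differ at the ninth: with a plain load, the IV only reaches the feedback position after as many transitions as its offset in the register, so the output must not be used before the state has been mixed and clocked long enough.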

    Sosemanuk, a fast software-oriented stream cipher. eSTREAM, ECRYPT Stream Cipher

    Abstract. Sosemanuk is a new synchronous software-oriented stream cipher, corresponding to Profile 1 of the ECRYPT call for stream cipher primitives. Its key length is variable between 128 and 256 bits, and it accommodates a 128-bit initial value. Every key length is claimed to achieve 128-bit security. Sosemanuk uses both basic design principles from the stream cipher SNOW 2.0 and some transformations derived from the block cipher SERPENT. It aims at improving SNOW 2.0 from both the security and the efficiency points of view. Most notably, it uses a faster IV-setup procedure. It also requires a reduced amount of static data, yielding better performance on several architectures.