Two Alerts for Design of Certain Stream Ciphers: Trapped LFSR and Weak Resilient Function over GF(q)

  • Paul Camion
  • Miodrag J. Mihaljević
  • Hideki Imai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2595)


This paper points out: (i) a possibility for malicious selection of the LFSR feedback polynomials in order to install a trap-door for cryptanalysis; and (ii) a weakness of the construction of resilient functions over GF(q) proposed at CRYPTO'96. Two corresponding methods for cryptanalysis are proposed. It is shown that although certain keystream generators over GF(q) are resistant against correlation-based and linear-complexity-based attacks, they are vulnerable to some novel attacks. The efficiency of these attacks depends on the characteristics of the employed LFSRs and resilient functions. The developed attacks imply that LFSRs with certain characteristic polynomials and certain resilient functions are inappropriate as building components for nonlinear combination generators and related schemes. They imply certain design criteria for the employment of LFSRs and resilient functions over GF(q) in nonlinear combination keystream generators and related schemes.


Keywords: linear feedback shift registers over GF(q), keystream generators, nonlinear combination generator, resilient functions, cryptanalysis


  1. R. J. Anderson, "A faster attack on certain stream ciphers", Electronics Letters, vol. 29, pp. 1322–1323, 22nd July 1993.
  2. P. Camion and A. Canteaut, "Generalization of Siegenthaler inequality and Schnorr-Vaudenay multipermutations", Advances in Cryptology – CRYPTO'96, Lecture Notes in Computer Science, vol. 1109, pp. 372–386, 1996.
  3. P. Camion and A. Canteaut, "Correlation-immune and resilient functions over a finite alphabet and their applications in cryptography", Designs, Codes and Cryptography, vol. 16, pp. 103–116, 1999.
  4. P. Camion, M. J. Mihaljević and H. Imai, "On employment of LFSRs over GF(q) in certain stream ciphers", IEEE Int. Symp. Inform. Theory – ISIT 2002, Lausanne, Switzerland, July 2002, Proceedings, p. 210.
  5. A. Canteaut and M. Trabbia, "Improved fast correlation attacks using parity-check equations of weight 4 and 5", Advances in Cryptology – EUROCRYPT 2000, Lecture Notes in Computer Science, vol. 1807, pp. 573–588, 2000.
  6. V. V. Chepyzhov, T. Johansson and B. Smeets, "A simple algorithm for fast correlation attacks on stream ciphers", Fast Software Encryption 2000, Lecture Notes in Computer Science, vol. 1978, pp. 180–195, 2001.
  7. P. Chose, A. Joux and M. Mitton, "Fast correlation attacks: An algorithmic point of view", Advances in Cryptology – EUROCRYPT 2002, Lecture Notes in Computer Science, vol. 2332, pp. 209–221, 2002.
  8. J. Dj. Golić, "On linear complexity of functions of periodic GF(q) sequences", IEEE Trans. Inform. Theory, vol. 35, pp. 69–75, Jan. 1989.
  9. T. Johansson and F. Jonsson, "Fast correlation attacks through reconstruction of linear polynomials", Advances in Cryptology – CRYPTO 2000, Lecture Notes in Computer Science, vol. 1880, pp. 300–315, 2000.
  10. F. Jonsson and T. Johansson, "Correlation attacks on stream ciphers over GF(2^n)", 2001 IEEE Int. Symp. Inform. Theory – ISIT 2001, Washington DC, June 2001, Proceedings, p. 140.
  11. J. L. Massey, "Shift-register synthesis and BCH decoding", IEEE Trans. Inform. Theory, vol. IT-15, pp. 122–127, 1969.
  12. A. Menezes, P. C. van Oorschot and S. A. Vanstone, Handbook of Applied Cryptography. Boca Raton: CRC Press, 1997.
  13. W. Meier and O. Staffelbach, "Fast correlation attacks on certain stream ciphers", Journal of Cryptology, vol. 1, pp. 159–176, 1989.
  14. M. J. Mihaljević, M. P. C. Fossorier and H. Imai, "A low-complexity and high-performance algorithm for the fast correlation attack", Fast Software Encryption – FSE 2000, Lecture Notes in Computer Science, vol. 1978, pp. 196–212, 2001.
  15. M. J. Mihaljević and J. Golić, "A method for convergence analysis of iterative probabilistic decoding", IEEE Trans. Inform. Theory, vol. 46, pp. 2206–2211, 2000.
  16. M. J. Mihaljević, M. P. C. Fossorier and H. Imai, "On decoding techniques for cryptanalysis of certain encryption algorithms", IEICE Trans. Fundamentals, vol. E84-A, pp. 919–930, April 2001.
  17. M. J. Mihaljević, M. P. C. Fossorier and H. Imai, "Fast correlation attack algorithm with the list decoding and an application", Fast Software Encryption – FSE 2001, Lecture Notes in Computer Science, vol. 2355, pp. 196–210, 2002.
  18. R. A. Rueppel, Analysis and Design of Stream Ciphers. Berlin: Springer-Verlag, 1986.
  19. T. Siegenthaler, "Decrypting a class of stream ciphers using ciphertext only", IEEE Trans. Comput., vol. C-34, pp. 81–85, 1985.
  20. T. Siegenthaler, "Correlation-immunity of nonlinear combining functions for cryptographic applications", IEEE Trans. Inform. Theory, vol. IT-30, pp. 776–780, 1984.

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Paul Camion (1)
  • Miodrag J. Mihaljević (2, 3)
  • Hideki Imai (4)
  1. Centre National de la Recherche Scientifique, Université Pierre et Marie Curie, Paris, France
  2. SONY Corporation, Tokyo, Japan
  3. Mathematical Institute, Serbian Academy of Sciences and Arts, Belgrade, Yugoslavia
  4. Institute of Industrial Science, University of Tokyo, Tokyo, Japan