On the Success of the Embedding Attack on the Alternating Step Generator
The edit distance correlation attack on the well-known alternating step generator for stream cipher applications was proposed by Golić and Menicocci. The attack can be successful only if the probability of the zero edit distance, the so-called embedding probability, conditioned on a given segment of the output sequence, decreases with the segment length, and if the decrease is exponential, then the required segment length is linear in the total length of the two linear feedback shift registers involved. The exponential decrease for the maximal value of the embedding probability as a function of the given output segment was estimated experimentally by Golić and Menicocci. In this paper, by using the connection with the interleaving and decimation operations, the embedding probability is theoretically analyzed. Tight exponentially small upper bounds on the maximal embedding probability are thus derived. Sharp exponentially small lower and upper bounds on the minimal embedding probability are also determined.
KeywordsCorrelation attack decimation edit distance embedding probability interleaving sequences
- 4.Golić, J.D., Menicocci, R.: Edit distance correlation attack on the alternating step generator. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 499–512. Springer, Heidelberg (1997)Google Scholar
- 5.Golić, J.D., Menicocci, R.: Edit probability correlation attack on the alternating step generator. In: Ding, C., Helleseth, T., Niederreiter, H. (eds.) Sequences and their Applications - SETA 1998. Discrete Mathematics and Theoretical Computer Science, pp. 213–227. Springer, Heidelberg (1999)Google Scholar
- 6.Günther, C.G.: Alternating step generators controlled by de Bruijn sequences. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 5–14. Springer, Heidelberg (1988)Google Scholar
- 7.Jiang, S., Gong, G.: On edit distance attack to alternating step generator (unpublished manuscript)Google Scholar