A Fast Correlation Attack for LFSR-Based Stream Ciphers

  • Sarbani Palit
  • Bimal K. Roy
  • Arindom De
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2846)


This paper describes a novel fast correlation attack of stream ciphers. The salient feature of the algorithm is the absence of any pre-processing or iterative phase, an usual feature of existing fast correlation attacks. The algorithm attempts to identify a number of bits of the original linear feedback shift register (LFSR) output from the received bits of the ciphertext. These are then used to construct a system of linear equations which are subsequently solved to obtain the initial conditions. The algorithm is found to perform well for LFSRs of large sizes but having sparse polynomials. It may be noted that such polynomials have low Hamming weight which is one more than the number of feedback connections or “taps” of the corresponding LFSR. Its performance is good in situations even where limited cipherlength is available. Another important contribution of the paper is a modification of the approach when the LFSR outputs are combined by a function which is correlation immune and perhaps, unknown to the decrypter.


Stream cipher Correlation attack LFSR polynomial Correlation immune function 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Brynielsson, L.: A short proof of the Xiao-Massey lemma. IEEE Transactions on Information theory IT-35(6), 1344 (1989)CrossRefMathSciNetGoogle Scholar
  2. 2.
    Canteaut, A., Trabbia, M.: Improved Fast Correlation Attacks Using Parity- Check Equations of Weight 4 and 5. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 573–588. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Canteaut, A., Filiol, É.: Ciphertext only reconstruction of stream ciphers based on combination generators. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 165–180. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Chepyzhov, V., Smeets, B.: On a fast correlation attack on stream ciphers. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 176–185. Springer, Heidelberg (1991)Google Scholar
  5. 5.
    Chepyzhov, V.V., Johansson, T., Smeets, B.: A simple algorithm for fast correlation attacks on stream ciphers. Fast Software Encryption (2000)Google Scholar
  6. 6.
    Clark, A., Golić, J., Dawson, E.: A comparison of fast correlation attacks. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 145–157. Springer, Heidelberg (1996)Google Scholar
  7. 7.
    Forre, R.: A fast correlation attack on non-linearly feedforward filtered shift register sequences. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 586–595. Springer, Heidelberg (1990)Google Scholar
  8. 8.
    Johansson, T., Jönsson, F.: Improved fast correlation attacks on stream ciphers via convolutional codes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 347–362. Springer, Heidelberg (1999)Google Scholar
  9. 9.
    Johansson, T., Jönsson, F.: Fast correlation attacks based on Turbo Code techniques. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 181–197. Springer, Heidelberg (1999)Google Scholar
  10. 10.
    Meier, W., Staffelbach, O.: Fast correlation attacks on certain stream ciphers. Journal of Cryptology 1(3), 159–176 (1989)MATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Mihaljevic, M.J., Golić, J.: A comparison of cryptanalytic principles based on iterative error-correction. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 527–531. Springer, Heidelberg (1991)Google Scholar
  12. 12.
    Mihaljević, M., Fossorier, M.P.C., Imai, H.: Fast Correlation Attack Algorithm with List Decoding and an Application. In: Fast Software Encryption- FSE 2000 (2000)Google Scholar
  13. 13.
    Palit, S., Roy, B.K.: Cryptanalysis of LFSR-encrypted codes with unknown combining function. In: Lam, K.-Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT 1999. LNCS, vol. 1716, pp. 306–320. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  14. 14.
    Siegenthaler, T.: Decrypting a class of stream ciphers using ciphertext only. IEEE Transactions on Computers c-34(1), 81–85 (1985)CrossRefGoogle Scholar
  15. 15.
    Siegenthaler, T.: Correlation-Immunity of Nonlinear Combining functions for Cryptographic Applications. IEEE Transactions on Information Theory 30(5), 776–780 (1984)MATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Xiao, G., Massey, J.L.: A spectral characterization of correlation-immune combining functions. IEEE Transactions on Information theory IT-34(3), 564–571 (1988)MathSciNetGoogle Scholar
  17. 17.
    Zeng, K., Huang, M.: On the linear syndrome method in cryptanalysis. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 469–478. Springer, Heidelberg (1990)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Sarbani Palit
    • 1
  • Bimal K. Roy
    • 2
  • Arindom De
    • 3
  1. 1.Computer Vision & Pattern Recognition Unit 
  2. 2.Applied Statistics Unit 
  3. 3.Indian Statistical Institute, INDIA 

Personalised recommendations