Random Fault Attack against Shrinking Generator

  • Marcin Gomułkiewicz
  • Mirosław Kutyłowski
  • Paweł Wlaź
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5389)


We study the security of the shrinking generator against fault attacks. While this pseudorandom bitstream generator is cryptographically strong and well suited to hardware implementations, especially in cheap devices, we show that using it in devices that are not fault resistant is risky: even if the device itself is tamper-proof, inducing random faults and analysing the resulting output may reveal the secret key stored inside it.

For the attack we flip a random bit of the internal state and observe how the resulting error propagates to the output. The attack exploits peculiar properties of the shrinking generator and presents a new kind of threat to designs that combine weaker generators. In particular, it indicates that potentially all designs based on combining LFSRs might be weak in practice, because an error injected into a single LFSR propagates slowly.
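The following simulation is an added illustration of the mechanism the abstract describes; it is not the paper's code and does not reproduce the paper's attack. The register sizes, feedback taps, fault positions and seeds are arbitrary assumptions. It builds a shrinking generator from two LFSRs (A supplies the bits, S decides which of them are emitted), flips one bit of either register, and compares the faulty output with the fault-free one.

```python
"""Single-bit fault injection into a shrinking generator (added simulation).

Not the paper's code: register sizes, feedback taps, fault positions and seeds
are arbitrary choices for this illustration.  Two LFSRs are clocked together;
the output bit of A is emitted as keystream only when the output bit of S is 1.
"""
import random


class LFSR:
    """Fibonacci LFSR: state[0] is shifted out, the XOR of the tap bits is
    shifted in at the high end."""

    def __init__(self, state, taps):
        self.state = list(state)
        self.taps = tuple(taps)

    def clock(self):
        out = self.state[0]
        fb = 0
        for t in self.taps:
            fb ^= self.state[t]
        self.state = self.state[1:] + [fb]
        return out


# Assumed parameters: degree-23 A register with taps (0, 5), degree-17 S
# register with taps (0, 3).  Both are primitive trinomials, so each register
# alone has maximal period.
A_DEG, A_TAPS = 23, (0, 5)
S_DEG, S_TAPS = 17, (0, 3)


def make_states(seed):
    """Constructed secret key: random non-zero initial states for A and S."""
    rng = random.Random(seed)
    a0 = [rng.randint(0, 1) for _ in range(A_DEG)]
    s0 = [rng.randint(0, 1) for _ in range(S_DEG)]
    if not any(a0):
        a0[0] = 1
    if not any(s0):
        s0[0] = 1
    return a0, s0


def run(a0, s0, clocks):
    """Clock both registers; return the per-clock (a_t, s_t) output pairs."""
    A, S = LFSR(a0, A_TAPS), LFSR(s0, S_TAPS)
    return [(A.clock(), S.clock()) for _ in range(clocks)]


def keystream(records):
    """Shrinking rule: keep a_t exactly when the control bit s_t is 1."""
    return [a for a, s in records if s == 1]


def flip(state, idx):
    """Model a transient fault: one register bit inverted."""
    faulty = list(state)
    faulty[idx] ^= 1
    return faulty


def diff_clocks(x, y):
    """Clock indices at which two bit sequences differ."""
    return [t for t, (u, v) in enumerate(zip(x, y)) if u != v]


def fault_in_A(a0, s0, idx, clocks):
    return run(a0, s0, clocks), run(flip(a0, idx), s0, clocks)


def fault_in_S(a0, s0, idx, clocks):
    return run(a0, s0, clocks), run(a0, flip(s0, idx), clocks)


def a_error_clocks(ref, bad):
    """Clocks at which the A outputs differ.  The XOR of the two A sequences is
    the LFSR sequence started from a single 1, so it depends only on the fault
    position, never on the key, and stays sparse for many clocks."""
    return diff_clocks([a for a, _ in ref], [a for a, _ in bad])


def s_error_clocks(ref, bad):
    """Clocks at which the control (S) outputs differ."""
    return diff_clocks([s for _, s in ref], [s for _, s in bad])


def shift_after_control_error(ref, bad):
    """A fault in S does not flip keystream bits: the first wrong control bit
    deletes (-1) or inserts (+1) one bit, and until the next control error the
    faulty keystream equals the reference keystream shifted by that amount.
    Returns (shift, number of bits compared, whether the segments agree)."""
    t0, t1 = s_error_clocks(ref, bad)[:2]
    p = sum(s for _, s in ref[:t0])          # keystream position at clock t0
    m = sum(s for _, s in ref[t0 + 1:t1])    # bits emitted before the next error
    ks_ref, ks_bad = keystream(ref), keystream(bad)
    if ref[t0][1] == 1:                      # reference emits here, faulty does not
        return -1, m, ks_bad[p:p + m] == ks_ref[p + 1:p + 1 + m]
    return 1, m, ks_bad[p + 1:p + 1 + m] == ks_ref[p:p + m]


if __name__ == "__main__":
    a0, s0 = make_states(seed=1)
    ref, bad = fault_in_A(a0, s0, idx=10, clocks=60)
    print("A fault: A-output errors at clocks", a_error_clocks(ref, bad))
    print("         keystream bits flipped at", diff_clocks(keystream(ref), keystream(bad)))
    ref, bad = fault_in_S(a0, s0, idx=8, clocks=60)
    print("S fault: control errors at clocks ", s_error_clocks(ref, bad))
    print("         (shift, bits, agree)     ", shift_after_control_error(ref, bad))
```

With these parameters a flipped bit at position 10 of A changes the A output at clocks 10, 28, 33, 46 and 56 within the first 60 clocks, whatever the key, so the keystream shows at most five isolated bit flips in that window; a flipped bit at position 8 of S leaves the keystream bits themselves intact but throws the output out of phase by one bit from the first control error onward. The two signatures are easy to tell apart from the output alone, which is what makes slow, key-independent error propagation inside one LFSR a liability for the combined generator.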







Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Marcin Gomułkiewicz (1)
  • Mirosław Kutyłowski (1)
  • Paweł Wlaź (2)
  1. Wrocław University of Technology, Poland
  2. Lublin University of Technology, Poland
