Algebraic and Correlation Attacks against Linearly Filtered Non Linear Feedback Shift Registers

  • Côme Berbain
  • Henri Gilbert
  • Antoine Joux
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5381)


The filter generator is a well known and extensively studied stream cipher construction. It consists of a Linear Feedback Shift Register (LFSR) filtered by a non linear Boolean function. In this paper we focus on the dual construction, namely a linearly filtered Non linear Feedback Shift Register (NFSR). We show that the existing algebraic and correlation attacks against the filter generator can be transposed to mount algebraic or correlation attacks against this dual construction. We investigate such attacks and extend them to the case where a linearly filtered NFSR is combined linearly with one or more non linearly filtered LFSRs. We apply our algebraic attack to a modified version of Grain-128, resulting in an attack requiring 2105 computations and 239 keystream bits. Even though this attack does not apply to the original Grain-128, it shows that the use of a NFSR is not sufficient to avoid all algebraic attacks.


  1. 1.
    Armknecht, F., Krause, M.: Algebraic attacks on combiners with memory. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 162–175. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Ars, G., Faugère, J.: An Algebraic Cryptanalysis of Nonlinear Filter Generators using Gröbner Basis. Technical report, INRIA (2003)Google Scholar
  3. 3.
    Ars, G., Faugère, J.-C.: An algebraic cryptanalysis of nonlinear filter generators using groebner basis. INRIA (2003)Google Scholar
  4. 4.
    Berbain, C.: Analyse et conception d’algorithmes de chiffrement flot. PhD thesis, Université Paris. Diderot, Paris 7 (2007)Google Scholar
  5. 5.
    Berbain, C., Gilbert, H., Maximov, A.: Cryptanalysis of grain. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 15–29. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Braeken, A., Lano, J.: On the (Im)Possibility of practical and secure nonlinear filters and combiners. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 159–174. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Braeken, A., Lano, J., Mentens, N., Preneel, B., Verbauwhede, I.: SFINKS: A Synchonous Stream Cipher for Restricted Hardware Environments. In: eSTREAM, ECRYPT Stream Cipher Project (2005)Google Scholar
  8. 8.
    De Cannière, C., Preneel, B.: Trivium: Specifications. eSTREAM, ECRYPT Stream Cipher Project (2005)Google Scholar
  9. 9.
    Canteaut, A., Trabbia, M.: Improved fast correlation attacks using parity-check equations of weight 4 and 5. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 573–588. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  10. 10.
    Chose, P., Joux, A., Mitton, M.: Fast correlation attacks: An algorithmic point of view. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 209–221. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Courtois, N.T.: Fast algebraic attacks on stream ciphers with linear feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Courtois, N., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Englund, H., Johansson, T.: A new simple technique to attack filter generators and related ciphers. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 39–53. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    Gong, G., Nawaz, Y.: The WG Stream Cipher. eSTREAM, ECRYPT Stream Cipher Project (2005)Google Scholar
  15. 15.
    Gouget, A., Sibert, H.: Revisiting correlation-immunity in filter generators. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 378–395. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  16. 16.
    Hell, M., Johansson, T., Maximov, A., Meier, W.: A Stream Cipher Proposal: Grain-128. eSTREAM, ECRYPT Stream Cipher Project (2006)Google Scholar
  17. 17.
    Hell, M., Johansson, T., Meier, W.: Grain - A Stream Cipher for Constrained Environments. eSTREAM, ECRYPT Stream Cipher Project (2005)Google Scholar
  18. 18.
    Johansson, T., Jönsson, F.: Fast correlation attacks based on turbo code techniques. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 181–197. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  19. 19.
    Johansson, T., Jönsson, F.: Improved fast correlation attacks on stream ciphers via convolutional codes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 347–362. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  20. 20.
    Leveiller, S., Zémor, G., Guillot, P., Boutros, J.: A new cryptanalytic attack for PN-generators filtered by a boolean function. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 232–249. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Levieil, É., Fouque, P.-A.: An improved LPN algorithm. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 348–359. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Lyubashevsky, V.: The parity problem in the presence of noise, decoding random linear codes, and the subset sum problem. In: Chekuri, C., Jansen, K., Rolim, J.D.P., Trevisan, L. (eds.) APPROX 2005 and RANDOM 2005. LNCS, vol. 3624, pp. 378–389. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. 23.
    Meier, W., Staffelbach, O.: Fast correlation attacks on stream ciphers. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 301–314. Springer, Heidelberg (1988)CrossRefGoogle Scholar
  24. 24.
    Siegenthaler, T.: Correlation-immunity of Non-linear Combining Functions for Cryptographic Applications. IEEE Transactions on Information Theory 30, 776–780 (1984)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Côme Berbain
    • 1
  • Henri Gilbert
    • 1
  • Antoine Joux
    • 2
  1. 1.Orange LabsIssy-les-MoulineauxFrance
  2. 2.DGA and Université de VersaillesVersailles CedexFrance

Personalised recommendations