Correlation Properties of Combiners with Memory in Stream Ciphers (Extended Abstract)
In stream cipher design, pseudo random generators have been proposed which combine the output of one or several LFSRs in order to produce the key stream. For memoryless combiners it is known that the produced sequence has correlation to sums of certain LFSR-sequences whose correlation coefficients $c_i$ satisfy the equation $\sum_i c_i^2 = 1$. It is proved that a corresponding result also holds for combiners with memory.
If correlation probabilities are conditioned on side information, e.g. on known output digits, it is shown that new or stronger correlations may occur. This is exemplified for the summation cipher with two LFSRs where such correlations can be exploited in a known plaintext attack. A cryptanalytic algorithm is given which is shown to be successful for LFSRs of considerable length and with arbitrary feedback connection.
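The memoryless identity $\sum_i c_i^2 = 1$ can be checked exactly for a small combiner. The following is an added example, not code from the paper: it assumes the usual convention $c = 2p - 1$ for a correlation coefficient (p being the probability that the output agrees with a given sum of inputs), and the Geffe-style selector and three-input XOR are illustrative combiners chosen here.

```python
from fractions import Fraction

def correlation_coefficients(f, n):
    """Return c[w] = Pr[f(x) = w.x] - Pr[f(x) != w.x] for every mask w.

    Bit i of w selects input x_{i+1}; the inputs are uniform and independent.
    """
    # Sign table (-1)^f(x), indexed by x with bit i holding x_{i+1}.
    spec = [1 - 2 * f(*[(x >> i) & 1 for i in range(n)]) for x in range(2 ** n)]
    # Fast Walsh-Hadamard transform: spec[w] = sum_x (-1)^(f(x) XOR w.x).
    h = 1
    while h < len(spec):
        for start in range(0, len(spec), 2 * h):
            for j in range(start, start + h):
                a, b = spec[j], spec[j + h]
                spec[j], spec[j + h] = a + b, a - b
        h *= 2
    return [Fraction(v, 2 ** n) for v in spec]

def sum_of_squares(coeffs):
    return sum(c * c for c in coeffs)

def mask_name(w, n):
    """Render mask w as the GF(2) sum of the LFSR inputs it selects."""
    return " + ".join(f"x{i + 1}" for i in range(n) if (w >> i) & 1) or "0"

# Illustrative combiners (assumed here, not taken from the paper).
def geffe(x1, x2, x3):
    return (x1 & x2) ^ ((x2 ^ 1) & x3)   # x2 selects between x1 and x3

def xor3(x1, x2, x3):
    return x1 ^ x2 ^ x3                   # correlates only with the full sum

if __name__ == "__main__":
    for name, f in (("geffe", geffe), ("xor3", xor3)):
        c = correlation_coefficients(f, 3)
        for w, cw in enumerate(c):
            if cw:
                print(f"{name}: c[{mask_name(w, 3)}] = {cw}")
        print(f"{name}: sum of c^2 = {sum_of_squares(c)}")
```

The selector leaks to four different input sums with coefficient magnitude 1/2 each, while the XOR concentrates all correlation on the sum of all three inputs; in both cases the squares add up to exactly 1, so correlation can be moved between sums but not removed.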
Keywords: Boolean Function, Correlation Property, Side Information, General Combiner, Stream Cipher