Linear cryptanalysis of stream ciphers

  • Jovan Dj. Golić
Session 3: Stream Ciphers-Cryptanalysis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1008)

Abstract

Starting from recent results on a linear statistical weakness of keystream generators and on linear correlation properties of combiners with memory, linear cryptanalysis of stream ciphers based on the linear sequential circuit approximation of finite-state machines is introduced as a general method for assessing the strength of stream ciphers. The statistical weakness can be used to reduce the uncertainty of unknown plaintext and also to reconstruct the unknown structure of a keystream generator, regardless of the initial state. The linear correlations in arbitrary keystream generators can be used for divide and conquer correlation attacks on the initial state based on known plaintext or ciphertext only. Linear cryptanalysis of irregularly clocked shift registers as well as of arbitrary shift register based binary keystream generators proves to be feasible. In particular, the direct stream cipher mode of block ciphers, the basic summation generator, the shrinking generator, the clock-controlled cascade generator, and the modified linear congruential generators are analyzed. It generally appears that simple shift register based keystream generators are potentially vulnerable to linear cryptanalysis. A proposal of a novel, simple and secure keystream generator is also presented.
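As an added illustration (not code from the paper), the linear sequential circuit approximation idea applied to the basic summation combiner the abstract mentions: the one bit of memory, the carry, is replaced by a linear update and the resulting linear relation between keystream and input bits is checked for bias. The combiner model (two inputs, one carry bit) and the modelling of the inputs as uniform random bits instead of LFSR outputs are assumptions made for the example.

```python
from fractions import Fraction
from itertools import product
import random

# Assumed model of a basic 2-input summation combiner (not the paper's code):
#   z_t = x_t ^ y_t ^ c_{t-1}      keystream bit: sum mod 2 with carry-in
#   c_t = maj(x_t, y_t, c_{t-1})   carry-out: the single nonlinear memory bit

def maj(a, b, c):
    return (a & b) | (a & c) | (b & c)

def summation_combiner(xs, ys):
    """Run the combiner over two input bit sequences; return (keystream, carries)."""
    z, carries, c = [], [], 0          # carry starts at 0 (assumption)
    for x, y in zip(xs, ys):
        z.append(x ^ y ^ c)
        c = maj(x, y, c)
        carries.append(c)
    return z, carries

def carry_approx_probability():
    """Approximation step: replace the nonlinear carry update by the linear
    one c_t = c_{t-1} and count, over all 8 input triples, how often the two
    agree. The exact agreement probability is 3/4."""
    hits = sum(maj(x, y, c) == c for x, y, c in product((0, 1), repeat=3))
    return Fraction(hits, 8)

def linear_relation_hit_rate(n=100_000, seed=1):
    """Substituting c_{t-1} ~ c_{t-2} into the output equation gives the linear
    relation  z_t ^ z_{t-1} == x_t ^ y_t ^ x_{t-1} ^ y_{t-1},
    which holds exactly when c_{t-1} == c_{t-2}, i.e. with probability 3/4.
    Inputs are uniform random bits (a simplification of LFSR output)."""
    rng = random.Random(seed)          # constructed sample input
    xs = [rng.getrandbits(1) for _ in range(n)]
    ys = [rng.getrandbits(1) for _ in range(n)]
    z, _ = summation_combiner(xs, ys)
    hits = sum((z[t] ^ z[t - 1]) == (xs[t] ^ ys[t] ^ xs[t - 1] ^ ys[t - 1])
               for t in range(1, n))
    return hits / (n - 1)

if __name__ == "__main__":
    print("P[c_t = c_{t-1}] =", carry_approx_probability())
    print("empirical hit rate of the linear relation:", linear_relation_hit_rate())
```

A bias of this size (3/4 rather than 1/2) is what a correlation attack exploits; a generator that resists the method keeps every such linear relation close to 1/2.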

Keywords

Boolean Function, Block Cipher, Shift Register, Stream Cipher, Linear Feedback Shift Register

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Jovan Dj. Golić (1, 2)
  1. Information Security Research Centre, Queensland University of Technology, Brisbane, Australia
  2. School of Electrical Engineering, University of Belgrade, USA