On Fibonacci keystream generators

  • Ross Anderson
Session 8: Recent Results
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1008)


A number of keystream generators have been proposed which are based on Fibonacci sequences, and at least one has been fielded. They are attractive in that they can use some of the security results from the theory of shift register based keystream generators, while running much more quickly in software. However, new designs bring new risks, and we show how a system proposed at last year's workshop, the Fibonacci Shrinking Genertor (FISH), can be broken by an opponent who knows a few thousand words of keystream. We then discuss how such attacks can be avoided, and present a new algorithm, PIKE, which is based on the A5 algorithm used in GSM telephones.


  1. [1]
    RA Rueppel, ‘Analysis and Design of Stream Ciphers', Springer Verlag Communications and Control Engineering Series (1986)Google Scholar
  2. [2]
    D Coppersmith, H Krawczyk, Y Mansour, “The Shrinking Generator”, in Advances in Cryptology — CRYPTO '93, Springer LNCS v 773 pp 22–39Google Scholar
  3. [3]
    H Krawczyk, “The Shrinking Generator: some practical considerations”, in Fast Software Encryption, Springer LNCS v 809 pp 45–46Google Scholar
  4. [4]
    DJ Wheeler, “A Bulk Data Encryption Algorithm”, in Fast Software Encryption, Springer LNCS v 809 pp 126–134Google Scholar
  5. [5]
    P Rogaway, D Coppersmith, “A Software-Optimised Encryption Algorithm”, in Fast Software Encryption, Springer LNCS v 809 pp 56–63Google Scholar
  6. [6]
    U Blöcher, M Dichtl, “Fish: a fast software stream cipher”, in Fast Software Encryption, Springer LNCS v 809 pp 41–44Google Scholar
  7. [7]
    JD Golić, “Linear Cryptanalysis of Stream Ciphers”, this volume Google Scholar
  8. [8]
    RP Brent, “On the periods of generalised Fibonacci sequences”, in Mathematics of Computation v 63 no 207 (July 1994) pp 389–401Google Scholar
  9. [9]
    RJ Anderson, “Solving a Class of Stream Ciphers”, in Cryptologia v XIV no 3 (July 1990) pp 285–288Google Scholar
  10. [10]
    W Meier, O Staffelbach, “Fast Correlation Attacks on Certain Stream Ciphers”, in Journal of Cryptology v 1 (1989) pp 159–176Google Scholar
  11. [11]
    DJC MacKay, ‘A Free Energy Minimization Framework for Inference Problems in Modulo 2 Arithmetic” in this volume pp 179–195Google Scholar
  12. [12]
    TR Cain, AT Sherman, “How to break Gifford's Cipher”, in Proceedings of the 2nd ACM Conference on Computer and Communications Security (Fairfax, 1994) pp 198–209Google Scholar
  13. [13]
    RJ Anderson, “A5 (Was: HACKING DIGITAL PHONES)”, message number 〈2ts9a0$〉 posted to usenet newsgroup sci.crypt, 17 Jun 1994 13:43:28 GMT.Google Scholar
  14. [14]
    M Roe, private communication Google Scholar
  15. [15]
    WG Chambers, “On Random Mappings and Random Permutations”, this volume pp 22–28Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Ross Anderson
    • 1
  1. 1.Computer LaboratoryCambridge

Personalised recommendations