Abstract
Many of the keystream generators used in practice are LFSR-based in the sense that they produce the keystream according to a rule $y = C(L(x))$, where $L(x)$ denotes an internal linear bitstream, produced by a small number of parallel linear feedback shift registers (LFSRs), and $C$ denotes some nonlinear compression function. We present an $n^{O(1)} 2^{\frac{1-\alpha}{1+\alpha} n}$ time bounded attack, the FBDD-attack, against LFSR-based generators, which computes the secret initial state $x \in \{0,1\}^n$ from $cn$ consecutive keystream bits, where $\alpha$ denotes the rate of information which $C$ reveals about the internal bitstream, and $c$ denotes some small constant. The algorithm uses Free Binary Decision Diagrams (FBDDs), a data structure for minimizing and manipulating Boolean functions. The FBDD-attack yields better bounds on the effective key length for several keystream generators of practical use, namely a $0.656n$ bound for the self-shrinking generator, a $0.6403n$ bound for the A5/1 generator, used in the GSM standard, a $0.6n$ bound for the E0 encryption standard in the one-level mode, and a $0.8823n$ bound for the two-level E0 generator used in the Bluetooth wireless LAN system.
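As an added illustration (not code from the paper), the following sketch instantiates the model y = C(L(x)) with the self-shrinking generator, one of the generators named above: L is a single LFSR and C keeps the second bit of each internal pair whose first bit is 1. The 4-bit register, its taps and all helper names are constructed for this example, which also counts by exhaustive search how many initial states remain consistent with a keystream prefix.

```python
from itertools import islice, product

def lfsr_bits(x, taps):
    """Linear bitstream L(x): Fibonacci LFSR, feedback = XOR of state[t] for t in taps."""
    state = list(x)
    while True:
        yield state[0]
        fb = 0
        for t in taps:
            fb ^= state[t]
        state = state[1:] + [fb]

def self_shrink(bits):
    """Compression C of the self-shrinking generator: for each pair (a, b), emit b iff a == 1."""
    it = iter(bits)
    for a, b in zip(it, it):
        if a == 1:
            yield b

def keystream(x, taps, m):
    """Return (first m bits of y = C(L(x)), number of internal bits consumed)."""
    consumed = 0
    def counted():
        nonlocal consumed
        for bit in lfsr_bits(x, taps):
            consumed += 1
            yield bit
    return list(islice(self_shrink(counted()), m)), consumed

def consistent_states(y, n, taps):
    """All nonzero n-bit initial states whose keystream starts with y.
    Exhaustive search, toy sizes only; assumes taps give a maximal-period LFSR,
    so every nonzero state eventually produces output."""
    return [list(s) for s in product([0, 1], repeat=n)
            if any(s) and keystream(s, taps, len(y))[0] == list(y)]

# Constructed toy instance: n = 4, recurrence s[i+4] = s[i] ^ s[i+1] (x^4 + x + 1, period 15).
TAPS, X = [0, 1], [1, 0, 0, 0]

if __name__ == "__main__":
    y, used = keystream(X, TAPS, 8)
    print("keystream:", y, "internal bits consumed:", used)
    for m in (2, 4, 8):
        print(m, "keystream bits ->", len(consistent_states(y[:m], 4, TAPS)), "candidate states")
```

The candidate count can only shrink as the prefix grows, which is the toy-scale counterpart of the attack needing cn consecutive keystream bits to determine x.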
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Krause, M. (2002). BDD-Based Cryptanalysis of Keystream Generators. In: Knudsen, L.R. (eds) Advances in Cryptology — EUROCRYPT 2002. EUROCRYPT 2002. Lecture Notes in Computer Science, vol 2332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46035-7_15
DOI: https://doi.org/10.1007/3-540-46035-7_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43553-2
Online ISBN: 978-3-540-46035-0
eBook Packages: Springer Book Archive