Abstract
Correlation properties of a general binary combiner with an arbitrary number M of memory bits are derived and novel design criteria proposed. For any positive integer m, the sum of the squares of the correlation coefficients between all nonzero linear functions of m successive output bits and all linear functions of the corresponding m successive inputs is shown to be dependent upon a particular combiner, unlike the memoryless combiners. The minimum and maximum values of the correlation sum as well as the necessary and sufficient conditions for them to be achieved are determined. It turns out that the security of combiners with memory can be considerably improved if M is not small.
An efficient linear sequential circuit approximation (LSCA) method is developed for obtaining output and input linear functions with comparatively large correlation coefficients which is feasible for large M and works for any practical scheme. The method consists in deriving and solving a linear sequential circuit with additional nonbalanced inputs that is based on linear approximations of the output and the component next-state functions. The corresponding correlation attack on combiners with linear feedback shift registers is analyzed and it is shown that every such combiner with or without memory is essentially zero-order correlation immune.
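As an added illustration (not code from the paper), the following Python brute-forces the correlation sum described above for two small combiners constructed here: a memoryless XOR of two inputs (M = 0) and the two-input summation generator with a one-bit carry (M = 1); their output and next-state functions are assumptions for the illustration. For the memoryless combiner the sum equals 2^m - 1 for every m, whereas for the combiner with memory it is smaller and depends on the combiner.

```python
from itertools import product

def correlation_sum(n, M, f, g, m):
    """Sum of c(a.y, b.x)^2 over all nonzero linear functions a of the m
    successive output bits y and all linear functions b of the m successive
    n-bit inputs x, with the inputs and the initial memory state uniform.
    f(x, s) is the output bit, g(x, s) the next state (both take bit tuples)."""
    inputs = list(product((0, 1), repeat=n * m))  # every run of m inputs
    states = list(product((0, 1), repeat=M))      # every initial memory state
    total = 0.0
    for a in product((0, 1), repeat=m):
        if not any(a):
            continue  # the zero output function is excluded
        # F(x) = E_s[(-1)^(a.y)].  By Parseval, sum_b c(a.y, b.x)^2 equals the
        # mean of F(x)^2 over x, so b need not be enumerated explicitly.
        sq = 0.0
        for xs in inputs:
            acc = 0
            for s in states:
                out = 0
                for t in range(m):
                    x = xs[t * n:(t + 1) * n]
                    out ^= a[t] & f(x, s)
                    s = g(x, s)
                acc += (-1) ** out
            sq += (acc / len(states)) ** 2
        total += sq / len(inputs)
    return total

# Constructed combiners for the illustration (M = 0 and M = 1).
# Memoryless XOR of two inputs: F(x) is always +-1, so the sum is 2^m - 1.
XOR2 = (2, 0, lambda x, s: x[0] ^ x[1], lambda x, s: s)

# Summation generator on two inputs with a one-bit carry: the output is the
# sum bit and the next state is the carry, i.e. the majority of x1, x2, c.
def sum_out(x, s):
    return x[0] ^ x[1] ^ s[0]

def sum_next(x, s):
    x1, x2, c = x[0], x[1], s[0]
    return ((x1 & x2) | (x1 & c) | (x2 & c),)

SUMMATION = (2, 1, sum_out, sum_next)

if __name__ == "__main__":
    for m in (1, 2, 3):
        print(f"m={m}: memoryless {correlation_sum(*XOR2, m):.3f}, "
              f"summation {correlation_sum(*SUMMATION, m):.3f}")
```

For m = 1 the summation generator's sum is 0 (a single output bit is uncorrelated with every linear function of its inputs), and for m = 2 it is 1 against 3 for the memoryless combiner.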
Additional information
Communicated by Rainer Rueppel
A preliminary version of this paper was presented at Eurocrypt '92 and was published in the proceedings. This research was supported in part by the Science Fund of Serbia, Grant #0403, through the Institute of Mathematics, Serbian Academy of Arts and Sciences.
Cite this article
Golić, J.D. Correlation properties of a general binary combiner with memory. J. Cryptology 9, 111–126 (1996). https://doi.org/10.1007/BF00190805