Abstract
Starting from recent results on a linear statistical weakness of keystream generators and on linear correlation properties of combiners with memory, linear cryptanalysis of stream ciphers based on the linear sequential circuit approximation of finite-state machines is introduced as a general method for assessing the strength of stream ciphers. The statistical weakness can be used to reduce the uncertainty of unknown plaintext and also to reconstruct the unknown structure of a keystream generator, regardless of the initial state. The linear correlations in arbitrary keystream generators can be used for divide and conquer correlation attacks on the initial state based on known plaintext or ciphertext only. Linear cryptanalysis of irregularly clocked shift registers as well as of arbitrary shift register based binary keystream generators proves to be feasible. In particular, the direct stream cipher mode of block ciphers, the basic summation generator, the shrinking generator, the clock-controlled cascade generator, and the modified linear congruential generators are analyzed. It generally appears that simple shift register based keystream generators are potentially vulnerable to linear cryptanalysis. A proposal of a novel, simple and secure keystream generator is also presented.
This research was supported in part by the Science Fund of Serbia, grant #0403, through the Institute of Mathematics, Serbian Academy of Arts and Sciences
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
E. Biham and A. Shamir, ”Differential cryptanalysis of DES-like cryptosystems,” Journal of Cryptology, 4(1):3–72, 1991.
U. Blöcher and M. Dichtl, ”Fish: a fast software stream cipher,” Fast Software Encryption — Cambridge '93, Lecture Notes of Computer Science, vol. 809, R. Anderson ed., Springer-Verlag, pp. 41–44, 1994.
W. G. Chambers and D. Gollmann, ”Lock-in effect in cascades of clock-controlled shift registers,” Advances in Cryptology — EUROCRYPT '88, Lecture Notes in Computer Science, vol. 330, C. G. Günther ed., Springer-Verlag, pp. 331–342, 1988.
W. G. Chambers, ”Two stream ciphers,” Fast Software Encryption — Cambridge '93, Lecture Notes of Computer Science, vol. 809, R. Anderson ed., Springer-Verlag, pp. 51–55, 1994.
V. Chepyzhov and B. Smeets, ”On a fast correlation attack on stream ciphers,” Advances in Cryptology — EUROCRYPT '91, Lecture Notes in Computer Science, vol. 547, D. V. Davies ed., Springer-Verlag, pp. 176–185, 1991.
D. Coppersmith, H. Krawczyk, and Y. Mansour, ”The shrinking generator,” Advances in Cryptology — CRYPTO '93, Lecture Notes in Computer Science, vol. 773, D. R. Stinson ed., Springer-Verlag, pp. 22–39, 1994.
C. Ding, G. Xiao, and W. Shan, The Stability Theory of Stream Ciphers. Lecture Notes in Computer Science, vol. 561, Springer-Verlag, 1991.
A. M. Frieze, J. Hastad, R. Kannan, J. C. Lagarias, and A. Shamir, ”Reconstructing truncated integer variables satisfying linear congruences,” SIAM J. Comput., 17:262–280, 1988.
J. Dj. Golić and M. V. Živković, ”On the linear complexity of nonuniformly decimated PN-sequences,” IEEE Trans. Inform. Theory, 34:1077–1079, Sep. 1988.
J. Dj. Golić and M. J. Mihaljević, ”A generalized correlation attack on a class of stream ciphers based on the Levenshtein distance,” Journal of Cryptology, 3(3):201–212, 1991.
J. Dj. Golić, ”Correlation via linear sequential circuit approximation of combiners with memory,” Advances in Cryptology — EUROCRYPT '92, Lecture Notes in Computer Science, vol. 658, R. A Rueppel ed., Springer-Verlag, pp. 113–123, 1993.
J. Dj. Golić, ”On the security of shift register based keystream generators,” Fast Software Encryption — Cambridge '93, Lecture Notes of Computer Science, vol. 809, R. J. Anderson ed., Springer-Verlag, pp. 90–100, 1994.
J. Dj. Golić, ”Intrinsic statistical weakness of keystream generators,” Pre-proceedings of Asiacrypt '94, pp. 72–83, Wollongong, Australia, 1994.
J. Dj. Golić, ”Linear models for keystream generators,” to appear in IEEE Trans. Computers.
J. Dj. Golić, ”Correlation properties of a general binary combiner with memory,” to appear in Journal of Cryptology.
D. Gollmann and W. G. Chambers, ”Clock controlled shift registers: a review,” IEEE J. Sel. Ar. Commun., 7(4):525–533, 1989.
D. Gollmann and W. G. Chambers, ”A cryptanalysis of stepk,m-cascades,” Advances in Cryptology — EUROCRYPT '89, Lecture Notes in Computer Science, vol. 434, J.-J. Quisquater and J. Vandewalle eds., Springer-Verlag, pp. 680–687, 1990.
J. L. Massey, ”Shift-register synthesis and BCH decoding,” IEEE Trans. Inform. Theory, 15:122–127, Jan. 1969.
J. L. Massey and R. A. Rueppel, ”Method of, and apparatus for, transforming a digital sequence into an encoded form” U. S. Patent No. 4,797,922, 1989.
M. Matsui, ”Linear cryptanalysis method for DES cipher,” Advances in Cryptology — EUROCRYPT '93, Lecture Notes in Computer Science, vol. 765, T. Helleseth ed., Springer-Verlag, pp. 386–387, 1994.
W. Meier and O. Staffelbach, ”Fast correlation attacks on certain stream ciphers,” Journal of Cryptology, 1(3):159–176, 1989.
W. Meier and O. Staffelbach, ”Correlation properties of combiners with memory in stream ciphers,” Journal of Cryptology, 5(1):67–86, 1992.
W. Meier and O. Staffelbach, ”The self-shrinking generator,” Pre-proceedings of Eurocrypt '94, Perugia, Italy, pp. 201–210, 1994.
R. Menicocci, ”Short Gollmann cascade generators may be insecure,” CODES AND CYPHERS, Cryptography and Coding IV, P. G. Farrell ed., The Institute of Mathematics and its Applications, pp. 281–297, 1995.
M. J. Mihaljević, ”An approach to the initial state reconstruction of a clockcontrolled shift register based on a novel distance measure,” Advances in Cryptology — AUSCRYPT '92, Lecture Notes in Computer Science, vol. 718, J. Seberry and Y. Zheng eds., Springer-Verlag, pp. 349–356, 1993.
K. Ohta and M. Matsui, ”Differential attack on message authentication codes,” Advances in Cryptology — CRYPTO '93, Lecture Notes in Computer Science, vol. 773, D. R. Stinson ed., Springer-Verlag, pp. 200–211, 1994.
B. Preneel, M. Nuttin, V. Rijmen, and J. Buelens, ”Cryptanalysis of the CFB mode of the DES with a reduced number of rounds,” Advances in Cryptology — CRYPTO '93, Lecture Notes in Computer Science, vol. 773, D. R. Stinson ed., Springer-Verlag, pp. 212–223, 1994.
R. A. Rueppel, Analysis and Design of Stream Ciphers. Berlin: Springer-Verlag, 1986.
R. A. Rueppel, ”Stream ciphers,” in Contemporary Cryptology: The Science of Information Integrity, G. Simmons ed., pp. 65–134. New York: IEEE Press, 1991.
T. Siegenthaler, ”Decrypting a class of stream ciphers using ciphertext only,” IEEE Trans. Comput., 34:81–85, Jan. 1985.
O. Staffelbach and W. Meier, ”Cryptographic significance of the carry for ciphers based on integer addition,” Advances in Cryptology — CRYPTO '90, Lecture Notes in Computer Science, vol. 537, A. J. Menezes and S. A. Vanstone eds., Springer-Verlag, pp. 601–614, 1991.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Golić, J.D. (1995). Linear cryptanalysis of stream ciphers. In: Preneel, B. (eds) Fast Software Encryption. FSE 1994. Lecture Notes in Computer Science, vol 1008. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-60590-8_13
Download citation
DOI: https://doi.org/10.1007/3-540-60590-8_13
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60590-4
Online ISBN: 978-3-540-47809-6
eBook Packages: Springer Book Archive