Abstract
It is shown that an arbitrary binary keystream generator with M bits of memory can be linearly modelled as a non-autonomous linear feedback shift register of length at most M with an additive input sequence of non-balanced identically distributed binary random variables. An effective method for determining the linear model, based on the linear sequential circuit approximation of autonomous finite-state machines, is developed. Linear models for clock-controlled shift registers and for arbitrary shift-register-based keystream generators are derived. Several examples are presented, including the time-variant memoryless combiner, the basic summation generator, the stop-and-go cascade, and the shrinking generator. Linear models are the basis for a general structure-dependent and initial-state-independent statistical test, and they may also be used for correlation attacks on the initial state. Theoretical security against the introduced statistical attack appears hard to control in practice and hard to achieve with simple schemes.
This research was supported in part by the Science Fund of Serbia, grant #0403, through the Institute of Mathematics, Serbian Academy of Arts and Sciences.
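The abstract's linear model and the statistical test built on it, worked through on the simplest case as an added example (this is not code from the paper, and the paper's time-variant combiner, clock-controlled and memory-carrying generators are not covered by it). Everything concrete here is an assumption chosen for illustration: a time-invariant Geffe combiner f(a, b, c) = ab + bc + c driven by three LFSRs with primitive feedback polynomials x^4+x+1, x^5+x^2+1 and x^7+x+1, a chi-square statistic as the balance test, and the piling-up lemma under the model's i.i.d. noise assumption for the predicted bias. The code finds the best linear approximation of the combiner, builds the LFSR of the linear model from it (the product of the selected registers' polynomials, so it also handles approximations that mix several registers, which the single-register case does not need), applies that LFSR's recurrence to the keystream and tests the residual for balance, from two different initial states and on constructed random bits as a control.

```python
"""Linear model of a memoryless combiner and the initial-state-independent
statistical test built on it.  Added example, not code from the paper.
Assumed generator: Geffe combiner f(a, b, c) = ab ^ bc ^ c driven by LFSRs
with assumed primitive polynomials x^4+x+1, x^5+x^2+1, x^7+x+1.  A GF(2)
polynomial is an int whose bit i is the coefficient of x^i."""
import random

GEFFE_POLYS = [0b10011, 0b100101, 0b10000011]  # x^4+x+1, x^5+x^2+1, x^7+x+1

def geffe(a, b, c):
    return (a & b) ^ (b & c) ^ c

def lfsr_bits(poly, state, n):
    """First n bits of the LFSR with characteristic polynomial poly, i.e.
    s_{t+L} = XOR of s_{t+e} over the non-leading terms x^e of poly.
    state is a non-zero int holding s_0..s_{L-1} in bits 0..L-1."""
    L = poly.bit_length() - 1
    taps = [e for e in range(L) if (poly >> e) & 1]
    s = [(state >> i) & 1 for i in range(L)]
    out = []
    for _ in range(n):
        out.append(s[0])
        new = 0
        for e in taps:
            new ^= s[e]
        s = s[1:] + [new]
    return out

def keystream(polys, states, n, f=geffe):
    seqs = [lfsr_bits(p, s, n) for p, s in zip(polys, states)]
    return [f(*bits) for bits in zip(*seqs)]

def best_linear_approximation(f, n_inputs):
    """(mask, agreement) of the linear function w.x agreeing with f on the
    largest fraction of inputs; bit i of mask selects input i.  The model's
    additive noise e = f ^ w.x is then 1 with probability 1 - agreement."""
    total = 1 << n_inputs
    best = (0, 0.0)
    for mask in range(1, total):
        agree = 0
        for x in range(total):
            bits = [(x >> i) & 1 for i in range(n_inputs)]
            agree += f(*bits) == (bin(x & mask).count("1") & 1)
        if agree / total > best[1]:
            best = (mask, agree / total)
    return best

def gf2_mul(p, q):
    """Product of two polynomials over GF(2)."""
    r = 0
    for i in range(q.bit_length()):
        if (q >> i) & 1:
            r ^= p << i
    return r

def model_polynomial(polys, mask):
    """Characteristic polynomial of the model LFSR: w.x is a sum of register
    outputs, so it obeys the recurrence of the product (the lcm, for distinct
    irreducible polynomials) of the selected registers' polynomials."""
    r = 1
    for i, p in enumerate(polys):
        if (mask >> i) & 1:
            r = gf2_mul(r, p)
    return r

def recurrence_residual(z, poly):
    """sigma_t = XOR of z_{t+e} over every term x^e of poly: identically 0 on
    the pure LFSR sequence; on the keystream it is the XOR of one noise bit
    per term, whatever the initial states were."""
    exps = [e for e in range(poly.bit_length()) if (poly >> e) & 1]
    return [sum(z[t + e] for e in exps) & 1 for t in range(len(z) - exps[-1])]

def balance_test(bits):
    """(fraction of zeros, chi-square statistic with 1 degree of freedom) for
    the null hypothesis that bits are balanced."""
    n0 = bits.count(0)
    n1 = len(bits) - n0
    return n0 / len(bits), (n0 - n1) ** 2 / len(bits)

def predicted_zero_probability(agreement, poly):
    """Piling-up lemma under the model's i.i.d. noise assumption: each noise
    bit has correlation 2*agreement-1 with 0, and sigma XORs one per term."""
    return 0.5 + 0.5 * (2 * agreement - 1) ** bin(poly).count("1")

MODEL_MASK, MODEL_AGREEMENT = best_linear_approximation(geffe, 3)
MODEL_POLY = model_polynomial(GEFFE_POLYS, MODEL_MASK)

def run_test(states, n=20000):
    """((zero fraction, chi-square), predicted zero fraction) for n keystream
    bits generated from the given (assumed) initial states."""
    z = keystream(GEFFE_POLYS, states, n)
    return (balance_test(recurrence_residual(z, MODEL_POLY)),
            predicted_zero_probability(MODEL_AGREEMENT, MODEL_POLY))

def control(n=20000, seed=1):
    """Same test on constructed uniformly random bits: no bias should appear."""
    rng = random.Random(seed)
    return balance_test(recurrence_residual([rng.getrandbits(1) for _ in range(n)], MODEL_POLY))

if __name__ == "__main__":
    for states in [(1, 1, 1), (0b1011, 0b10110, 0b1010101)]:
        (p0, chi2), pred = run_test(states)
        print(f"states={states}: P(sigma=0)={p0:.4f}, model predicts {pred:.4f}, chi2={chi2:.1f}")
    print("random control: P(sigma=0)={:.4f}, chi2={:.1f}".format(*control()))
```

For this combiner the best linear approximation is the first register's output alone (agreement 3/4), so the model LFSR is x^4+x+1 and the residual is the XOR of three noise bits, giving a predicted P(sigma = 0) of 9/16; both initial states show that bias with a chi-square statistic in the hundreds, while the random control stays balanced. The test never needs the initial states because the recurrence cancels the register's own contribution exactly, which is the structure-dependent, initial-state-independent property the abstract describes; the same agreement figure is the correlation that an initial-state correlation attack on that register would exploit.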
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Golić, J.D. (1995). Intrinsic statistical weakness of keystream generators. In: Pieprzyk, J., Safavi-Naini, R. (eds) Advances in Cryptology — ASIACRYPT'94. ASIACRYPT 1994. Lecture Notes in Computer Science, vol 917. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0000427
DOI: https://doi.org/10.1007/BFb0000427
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-59339-3
Online ISBN: 978-3-540-49236-8