Encryption System with Variable Number of Registers
Introduction
There are two types of symmetric ciphers: block ciphers and stream ciphers. Block ciphers tend to simultaneously encrypt a group of characters, usually of length 128, whereas stream ciphers act on individual characters of a plaintext message one at a time. Stream ciphers have faster execution in hardware than any already existing block cipher, and they have low error propagation rate. Several symmetric ciphers have been reported in the literature [1], [2], [3], [4], [5], [6], [7], [8], [9], [10], [11], [12], [13], [14], [15], [16], [17], [18], [19], [20]. Most of these ciphers are binary additive stream ciphers involving pseudorandom number generators, known as keystream generators. The latter is an algorithm that takes a short sequence of binary digits, usually regarded as the secret key, K, for the generation of a much longer random-looking sequence, known as the keystream. In a binary additive stream cipher, the plaintext, keystream and ciphertext are all in binary form. The keystream , is masked with the plaintext, , usually with an exclusive-or gate XOR (i.e., bitwise addition modulo 2), to produce the ciphertext, , which is transmitted over an insecure channel i.e.,
In symmetric key cryptography, the secret key K is exchanged between the communicating parties, hence the receiver can generate an identical keystream , and recover the plaintext by masking the ciphertext with the keystream i.e.,
Keystream generators are meant to approximate the one-time pad (the only theoretically secure cipher) whose security follows from the fact that the bits of the keystream are randomly chosen. Therefore, when designing a stream cipher, the main goal for designers is to construct a keystream generator that can efficiently generate keystreams that are indistinguishable from truly random sequences. Most keystream generators are built up from simple devices that are easy to implement in software/hardware and run efficiently. A linear feedback shift register (LFSR) is a very good example of such devices. LFSRs are fast, simple to implement in hardware, and have mathematical techniques for analyzing them [21]. An LFSR is capable of generating sequences with long period and good statistical distribution properties. However, such sequences are linear, and can be easily predicted given some previous output bits. For this reason, LFSRs are unsuitable for direct keystream generation. In order to use LFSRs in the design of keystream generators, their linearity must be destroyed. Several methods proposed in the literature aim at introducing nonlinearity to keystreams generated by LFSR-based keystream generators while preserving a long period and good statistical distribution properties of such keystreams. One method is to apply a nonlinear Boolean function in k variables to the outputs of a set of k regularly clocked LFSRs. Another method is to use one LFSR to control the clocking of one or several LFSRs (i.e., to irregularly clock LFSRs). The stop/go generator [1], alternating step generator (ASG) [2], shrinking generator [5], A5 [7], more generalized alternating step generator [12] and Delta [18] are examples of the latter method. Keystream generators based on regularly clocked LFSRs were shown to be subject to various cryptanalytic attacks including basic and fast correlation attacks [22].
In a fast correlation attack, the initial states of the LFSRs (which usually constitute the secret key) are reconstructed from a known portion of the keystream of the generator without performing an exhaustive search over all possible initial states. To achieve immunity to these correlation attacks, clock-controlled keystream generators that use irregular clocking were proposed. This technique limits the possibilities of performing classical correlation attacks [23]. This is due to the fact that in such a situation, a cryptanalyst having access to a portion of the keystream becomes unaware of which internal bits of the generating LFSRs contribute to which keystream bits.
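The statement above that LFSR output is linear and predictable from earlier bits can be checked with the Berlekamp-Massey algorithm, which designers also use to measure the linear complexity of a candidate keystream. This is an added example, not code from the paper; the 5-stage register with recurrence s[t+5] = s[t+2] XOR s[t] (polynomial x^5 + x^2 + 1) and its initial state are constructed sample values.

```python
def sample_lfsr_output(n):
    """Constructed sample: output of the 5-stage LFSR s[t+5] = s[t+2] ^ s[t]."""
    s = [1, 0, 0, 0, 0]
    while len(s) < n:
        s.append(s[-5] ^ s[-3])
    return s[:n]

def berlekamp_massey(s):
    """Return (L, c): linear complexity and connection polynomial over GF(2).

    c[0] = 1 and s[i] = c[1]*s[i-1] ^ ... ^ c[L]*s[i-L] for every i >= L.
    """
    n = len(s)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = s[i]                       # discrepancy between s[i] and the prediction
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d:
            t = c[:]
            shift = i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:             # the register has to grow
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def predict(prefix, L, c, extra):
    """Extend prefix by `extra` bits using the recovered recurrence."""
    s = list(prefix)
    for _ in range(extra):
        nxt = 0
        for j in range(1, L + 1):
            nxt ^= c[j] & s[-j]
        s.append(nxt)
    return s

if __name__ == "__main__":
    bits = sample_lfsr_output(40)
    L, c = berlekamp_massey(bits[:10])   # 2L = 10 observed bits are enough
    print(L, c, predict(bits[:10], L, c, 30) == bits)
```

Running the same measurement on the output of a candidate generator is a quick design check: a linear complexity close to the register length means the sequence is no better than a bare LFSR.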
In this paper, we propose a new keystream generator, Encryption System with Variable Number of Registers (ESVR), based on irregularly clocked feedback shift registers (FSRs). ESVR is intended for use in stream cipher applications, and it can be easily implemented in hardware. The generated keystreams are shown to possess the basic security requirements for cryptographic sequences, such as long period, high linear complexity and good statistical properties, provided that suitable parameters are selected. Furthermore, ESVR is shown to resist various types of cryptanalytic attacks.
ESVR keystream generator is a generalization of the alternating step generator (ASG) [2]. It is composed of feedback shift registers and that are interconnected such that the contents of some selected w fixed stages of the register controls the clocking of the other n registers. The secret key is often used to provide values for the initial states of the registers and the selected w fixed stages of . However, to achieve a maximum level of security the feedback functions of the registers should be included in the key.
The paper is organized as follows. In Section 2, we present related work to the proposed generator. Section 3 consists of a detailed description of ESVR. In Section 4, the properties of randomness of the generated keystreams such as long period, high linear complexity and good statistical properties are established. Section 5 presents a number of cryptanalytic attacks that can be applied on the proposed generator. Section 6 is devoted to the hardware implementation of ESVR. Section 7 presents a comparison with an existing generator (ASG) and experimental results. Finally, Section 8 consists of the conclusion of this paper.
Section snippets
Related work
ESVR is closely related to the alternating step generator ASG which was proposed by Gunther in [2]. ASG is made up of three FSRs and , where is used to control the clocking of and , and it operates as follows: at any time t, if the output bit of FSR is 1, then FSR is clocked once and FSR is not clocked; otherwise, FSR is clocked once and FSR is not clocked. The generated keystream is obtained as bitwise addition of the bits output by the two FSRs and . Suppose that ,
The construction
ESVR is a simple keystream generator intended for hardware implementation and based on feedback shift registers and . The components of ESVR can be divided into two subsystems: the clock-control subsystem, which consists of the register that is referred to as the control register, and the sequence generation subsystem, which consists of the n registers and that are referred to as the generating registers. The control register of the clock-control
Randomness properties of
Suppose that is an FSR with initial state and feedback function such that the output sequence of is a de Bruijn sequence of span κ, and it has period [21]. Suppose that the feedback shift registers and are primitive linear feedback shift registers (LFSRs) with nonzero initial states and , respectively, and feedback functions and , respectively, where and are associated with primitive polynomials (known
Security analysis
In this section, we consider the typical cryptanalytic case for stream ciphers. We assume that the cryptanalyst has complete knowledge of the algorithm; the only exception is the secret key. As suggested in Section 3, the secret key in the case of ESVR consists of the initial states of the registers and the selected w fixed stages. From a cryptanalysis point of view, stream ciphers involving keystream generators such as ESVR are required to resist cryptanalytic attacks performed in the
Hardware implementation
In this section, we present the hardware implementation of the proposed generator ESVR. We describe a method that allows a selection of stages of the control register to be variable. This means that this selection can be part of the key of ESVR.
The associated hardware can be described for the special case of four generating registers as follows. In this case, two stages of the controlling register, say of 64 stages, are used to select one of the four generating registers (see Fig. 1). To be
Comparison with ASG and experimental results
This section presents a comparison between the proposed generator ESVR and the alternating step generator ASG [2] which can be regarded as a special case of ESVR. ASG is simply an ESVR with and (i.e., the selected stage of the control register is the 0-th stage). Although ESVR is more expensive when it has the advantage of providing a higher level of security against some well-known cryptanalytic attacks (such as adaptive bit guessing attack and edit distance correlation attack),
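A small software model of the clocking idea, covering both the ASG operation described under Related work and the four-register case from the hardware section, as an added example that is not the paper's design or code. Assumptions: LFSRs stand in for every register (the paper's control register produces a de Bruijn sequence), there are 2^w generating registers, the selected control stages are read as a binary index, the output bit is the XOR of all generating registers' output stages, and all register sizes, taps and initial states are constructed toy values.

```python
class LFSR:
    """Fibonacci LFSR over GF(2); stage 0 is the output stage."""
    def __init__(self, taps, state):
        self.taps, self.state = tuple(taps), list(state)

    def clock(self):
        fb = 0
        for t in self.taps:
            fb ^= self.state[t]
        self.state = self.state[1:] + [fb]

class ClockControlled:
    """w control stages select which one of 2**w generating registers steps."""
    def __init__(self, control, stages, generators):
        if len(generators) != 2 ** len(stages):
            raise ValueError("need 2**w generating registers")
        self.control, self.stages, self.gens = control, list(stages), generators

    def next_bit(self):
        idx = 0
        for s in self.stages:      # selected stages read as a binary index (assumed)
            idx = (idx << 1) | self.control.state[s]
        self.control.clock()
        self.gens[idx].clock()     # only the selected register moves
        out = 0
        for g in self.gens:        # assumed combiner: XOR of all output stages
            out ^= g.state[0]
        return out

    def keystream(self, n):
        return [self.next_bit() for _ in range(n)]

def xor_bits(bits, keystream):
    """Binary additive cipher: the same XOR encrypts and decrypts."""
    return [b ^ k for b, k in zip(bits, keystream)]

def make_asg():  # ASG as the special case: control stage 0, two generating registers
    return ClockControlled(LFSR((0, 1), [1, 0, 0]), [0],
                           [LFSR((0, 1), [1, 0, 0, 0]), LFSR((0, 2), [1, 0, 0, 0, 0])])

def make_four_register():  # toy key: control stages 2 and 5 pick one of four registers
    return ClockControlled(LFSR((0, 1), [1, 0, 1, 1, 0, 0, 1]), [2, 5],
                           [LFSR((0, 1), [1, 0, 0]), LFSR((0, 1), [1, 1, 0, 0]),
                            LFSR((0, 2), [0, 1, 0, 0, 1]), LFSR((0, 1), [1, 0, 0, 1, 0, 1])])

if __name__ == "__main__":
    ks = make_four_register().keystream(16)
    print(ks, xor_bits(xor_bits([1, 0] * 8, ks), ks) == [1, 0] * 8)
```

Because the list of selected stages is a constructor argument, it can be treated as key material alongside the initial states, which is the variability the hardware section describes.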
Conclusion
In this paper, we have proposed a new keystream generator called ESVR intended for use in stream cipher applications. A complete description of the design of ESVR has been given. We have shown that for appropriately chosen components, keystreams generated by ESVR satisfy the basic security requirements such as long period, high linear complexity and good statistical properties. The resistance of this generator to well-known cryptanalytic attacks has also been considered to demonstrate its
Acknowledgements
I would like to thank Prof. Peter Wild and the anonymous referees for their helpful comments on the initial version of this manuscript.
References (56)
- et al. An efficient algorithm to generate binary sequences for cryptographic purposes. Theor Comput Sci (2001)
- et al. Stream ciphers for GSM networks. Comput Commun (2001)
- et al. On the design and implementation of a RISC processor extension for the KASUMI encryption algorithm. Comput Electr Eng (2008)
- et al. Implementation and analysis of stream ciphers based on the elliptic curves. Comput Electr Eng (2009)
- et al. Design and analysis of a highly secure stream cipher based on linear feedback shift register. Comput Electr Eng (2009)
- et al. Investigating some special sequence lengths generated in an external exclusive-NOR type LFSR. Comput Electr Eng (2008)
- et al. New stream ciphers based on elliptic curve point multiplication. Comput Commun (2009)
- Modified clock-controlled alternating step generators. Comput Commun (2009)
- et al. Constrained many-to-one string editing with memory. Inform Sci (1995)
- et al. The stop and go generator
- Alternating step generators controlled by de Bruijn sequences
- Clock-controlled shift registers in binary sequence generators. IEE Proc-E
- The RC4 encryption algorithm
- The shrinking generator
- A software optimized encryption algorithm. J Cryptol
- Scream: a software-efficient stream cipher
- More generalized alternating step generator
- An efficient cryptosystem Delta for stream cipher applications. Comput Electr Eng
- Shift register sequences
- Fast correlation attacks on certain stream ciphers. J Cryptol
- Analysis and design of stream ciphers
- On the efficiency of the clock control guessing attack
- On the linear consistency test (LCT) in cryptanalysis with applications
- A fast correlation attack on the shrinking generator
- A generalized correlation attack on a class of stream ciphers based on the Levenshtein distance. J Cryptol