3 citations found.
P. Hawkes and G. Rose. Exploiting multiples of the connection polynomial in word-oriented stream ciphers. Advances in Cryptology - ASIACRYPT 2000, Lecture Notes in Computer Science, vol. 1976, T. Okamoto (Ed.), Springer, pp. 303-316, 2000.


This paper is cited in the following contexts:
A First Report on the Stream Ciphers SOBER-t16 and SOBER-t32 - Schafheutle (2001)

....15, 17 #TLFSR = 2, 4, 11, 13, 15, 17 NLF TNLF = 1, 6, 13, 16 #TNLF = 1, 3, 5, 6, 7, 10, 12, 13, 15, 16 Table 2. tap set and difference tap set of the LFSR and the NLF NLF are indeed full positive difference sets. In order to provide sufficient resistance against guess and determine attacks [HR00], the tap position of the LFSR are well suited to the taps of the NLF. 3.6 Theoretical attacks In [Gol96] a necessary security requirement of a filter generator is that the LFSR length n and the algebraic order k of the non linear filter function should be large enough so that is much bigger ....

P. Hawkes and G. Rose, Exploiting multiples of the connection polynomial in word-oriented stream ciphers, Proceedings of ASIACRYPT'


NESSIE D13 - Security Evaluation of NESSIE First Phase - Preneel, Van Rompay.. (2001)

.... and LFSR The tap sets of the LFSR obey the security requirements given in [49] which enable resistance to the inversion attacks given in [49] and the correlation attacks given in [2, 49] Guess and determine attacks In order to provide sufficient resistance against guess and determine attacks [54], the tap position of the LFSR are well suited to the taps of the NLF. Due to the length of LFSR and the high algebraic order of the NLF, attacks such as that proposed by Babbage are unlikely to work. Correlation Attacks The designers claim that due to the non linear filter and the ....

P. Hawkes and G. Rose. Exploiting multiples of the connection polynomial in word-oriented stream ciphers. In Advances in Cryptology -- ASIACRYPT' 2000.


Primitive Specification for SOBER-128 - Hawkes, Rose (2003)   Self-citation (Hawkes Rose)

....that any attack on SOBER-128 has a complexity exceeding that of an exhaustive key search. We do not claim any mathematical proof of security. Our analysis of SOBER-128 can be summarized thus: Guess and determine (GD) attacks appear to have a computational complexity in excess of 2^250 (see [24,1]) although research in this area is ongoing. Algebraic attacks [8] appear to be infeasible. Correlation based attacks [6] appear to be resisted by the LFSR and NLF. Timing attacks and power attacks can be mitigated in standard ways; there is no conditional execution after initial ....

....that looked for improvements on these attacks. The search examined every GD attack exploiting linear relationships corresponding to polynomials of degree 34 or less, and with 10 or fewer terms. No attacks on SOBER-128 were found that improved on the previous attacks. More details are provided in [24]. Babbage et al. [1] found a GD attack on un-stuttered SOBER-t32 that exploited the fact that the most significant byte of a keystream word depended only on the most significant byte of the state L words and some carries propagated by the addition operation. The computational complexity of ....

P. Hawkes and G. Rose. Exploiting multiples of the connection polynomial in word-oriented stream ciphers. Advances in Cryptology - ASIACRYPT 2000, Lecture Notes in Computer Science, vol. 1976, T. Okamoto (Ed.), Springer, pp. 303-316, 2000.


CiteSeer.IST - Copyright Penn State and NEC