54 citations found.
W. Meier and O. Staffelbach, "Fast Correlation Attacks on Certain Stream Ciphers," Journal of Cryptology, vol. 1, pp. 159-176, 1989.

This paper is cited in the following contexts:

LILI Keystream Generator - Simpson, Dawson, Golic, Millan (2000) (6 citations)

.... nonlinearity, by applying a nonlinear function to the outputs of regularly clocked LFSRs or by irregular clocking of the LFSRs [13]. However, keystream generators using regularly clocked LFSRs are susceptible to correlation attacks, including fast correlation attacks, a concept first introduced in [11]. In a fast correlation attack, the initial states of the component shift registers are reconstructed from a known segment of the generator output sequence, without performing a blind search over all possible shift register initial states. As a means of achieving immunity to these correlation ....

W. Meier and O. Staffelbach. Fast Correlation Attacks on Certain Stream Ciphers. Journal of Cryptology, vol. 1(3), pp. 159-167, 1989.


A First Report on the Stream Cipher SNOW - Schafheutle

.... 257 272 284 287 293 296 308 311 317 323 329 332 335 341 344 371 377 380 407 413 431 437 440 443 449 452 455 461 464 512 This polynomial has a lot of non zero coefficients what makes some fast correlation attacks [MS89,CS91] very impractical. The feedback polynomial of the LFSR is primitive, the period of the LFSR is thus 2 1. It is very likely, that the period of SNOW is therefore 2 1, too. 3.3 Properties of the FSM The output of the FSM at time t is calculated as follows. FSM(t) s t 1 #R1) #R2 where ....

W. Meier and O. Staffelbach, Fast correlation attacks on certain stream ciphers, Journal of Cryptology (1989), 159--176.


A First Report on the Stream Ciphers SOBER-t16 and SOBER-t32 - Schafheutle (2001)

....214 215 218 223 226 230 234 237 253 257 260 268 The period of the corresponding 16 linear feedback shift sequences generated by p 16 (x) is thus 1. This polynomial has a lot of non zero coefficients what makes some fast correlation attacks [MS89,CS91] very impractical. Exactly the same observations are applicable to SOBER t32. The linear recurrence over GF (2 ) of SOBER t32 is equivalent to 32 parallel bit wise LFSRs, each of length 17 32 = 544. These linear recurrences are all the same, represented by a primitive polynomial p 32 (x) ....

W. Meier and O. Staffelbach, Fast correlation attacks on certain stream ciphers, Journal of Cryptology (1989), 159--176.


NESSIE D13 - Security Evaluation of NESSIE First Phase - Preneel, Van Rompay.. (2001)

....Attacks In a correlation attack, the output of a keystream generator is correlated in some manner with the output of a much simpler device, such as a component LFSR of the generator. This correlation can sometimes be exploited to determine the key, as described by Meier and Staffelbach [87] and others subsequently. Divide and Conquer Attacks In such attacks a portion of the key is guessed. The constraints now placed on the keystream may allow the determination of remainder of the key faster than searching this remainder. Time Memory Trade Offs In such attacks, the time required ....

W. Meier and O. Staffelbach. Fast correlation attacks on certain stream ciphers. Journal of Cryptology, 1:159--176, 1989.


Clock-Controlled Alternating Step Generator - Kanso (2002)

....The most important general attacks on LFSR based stream ciphers are correlation attacks. Basically, if a cryptanalyst can in some way detect a correlation between the known output sequence and the output of one individual LFSR, this can be used in a divide and conquer attack on the individual LFSR [9, 10, 11, 12]. The output sequence of the CCASG is an addition modulo 2 of its two irregularly decimated generating sequences (BGA(O) and (CQA(O) Thus, one would not expect a strong correlation to be obtained efficiently, especially, if primitive feedback polynomials of high hamming weight are associated ....

.... modulo 2 of its two irregularly decimated generating sequences (BGA(O) and (CQA(O) Thus, one would not expect a strong correlation to be obtained efficiently, especially, if primitive feedback polynomials of high hamming weight are associated with the feedback functions of the registers B and C [11 ], and the selected w fixed stages 0, Ai . Aiw of the control register that are used to clock the generating registers are considered as part of the key [i.e. w and io, i: iw : are kept secret] If the characteristic feedback functions of A, B and C are known then a cryptanalyst can ....

[Article contains additional citation context not shown here]

- W. Meir, O. Staffelbach, "Fast Correlation Attacks on Certain Stream Ciphers", Journal of Cryptology, 1, 1989, pp. 159-176.


New covering radius of Reed-Muller codes for t-resilient.. - Kurosawa, Iwata.. (2002) (1 citation)

....be small. The covering radius of RM(r;n) is defined as where the maximum is taken over any f(X) In cryptography, on the other hand, f(X) is used as a main component of stream ciphers. In nonlinear combination generators, it must be t resilient [2, 1] to resist the fast correlation attack [9]. g(X) is an approximation of f(X) which attackers make use of and the noise should be large to resist attacks. In this paper, we introduce a new covering radius of RM(r;n) from a view point of cryptography. It is defined as the maximum distance between t resilient functions and the r th ....

....complexity of fs i g is given by The above L 0 is not large enough to resist the Berlekamp Massey attack. Therefore, it must be that deg(f) 2. Interestingly even if f(X) is approximated by an affine function, Ding et al. showed that a linear attack can break the nonlinear combination generator [9]. In [9] the authors called the linear attack the BAA attack, where BAA stands for best affine approximation. Hence f(X) of Fig.1 must have a large distance from the set of affine functions. Hence the nonlinearity of f(X) denoted by nl(f ) is defined as a distance between f(X) and the set of affine ....

[Article contains additional citation context not shown here]

W. Meier and O. Staffelbach, "Fast Correlation Attacks on Certain Stream Ciphers", Journal of Cryptology, pp.159-176, 1989.


A Generalized Birthday Problem (extended abstract) - Wagner (2002)

....of weight k 1 and degree about 2 after about k 2 work. If we wish to obtain many parity checks, about d times as much work will suffice to find d parity checks, as long as d 2 n=blg kc . This algorithm is an extension of previous techniques which used the (2 list) birthday problem [16, 21, 27, 18]. As a concrete example, if p(x) represents a polynomial of degree 120, we can find a multiple m(x) with degree 2 and weight 5 after about 2 42 work by using the 4 tree algorithm. Compare this to previous birthday based techniques, which can find a multiple with degree 2 30 and weight 5, or a ....

W. Meier, O. Staffelbach. "Fast correlation attacks on certain stream ciphers," J. Cryptology, 1(3):159-167, 1989.


Reduced Complexity Correlation Attacks on Two Clock-controlled.. - Johansson (1998) (5 citations)

....The most important general attacks on LFSR based stream ciphers are correlation attacks. Basically, if one can in some way detect a correlation between the known output sequence and the output of one individual LFSR, this can be used in a divide and conquer attack on the individual LFSR [13, 11, 5, 6]. Two of the most well known clock controlled stream ciphers are the Shrinking generator and the Alternating step generator. In this paper we consider correlation attacks on these two generators. Some basic attacks have been considered when the generators were introduced [1] and [8] and further ....

....sequence is now exactly the problem of decoding a received word to its nearest codeword on a noisy channel. One advantage is that the received word is very long and hence different ways of doing a fast decoding can be applied. One possibility is to use an iterative decoding process as suggested in [11] for fast correlation attacks. Another simpler method is to search for positions where the a posteriori probability P (s t = 1 A = a, Z = z) is very small. This means that these positions are very likely to have s t = 0. After finding LS such positions one can perform a search over sequences ....

W. Meier, and O. Staffelbach, "Fast correlation attacks on certain stream ciphers", Journal of Cryptology, 1, pp. 159--176, 1989.


Cryptanalysis of Achterbahn - Johansson, Meier, Muller Self-citation (Meier)

No context found.

W. Meier and O. Staffelbach. Fast Correlations Attacks on Certain Stream Ciphers. In Journal of Cryptology, pages 159--176. Springer, 1989.


A Novel Algorithm for Solving the LPN Problem and - Its Application To (2006)

No context found.

W. Meier and O. Staffelbach, "Fast Correlation Attacks on Certain Stream Ciphers," Journal of Cryptology, vol. 1, pp. 159-176, 1989.


Classification of Cubic (n - 4)-resilient Boolean.. - Braeken, Borissov.. (2005)

No context found.

W. Meier and O. Staffelbach. Fast correlation attacks on certain stream ciphers. Journal of Cryptology, 1(3):67--86, 1992.


The WG Stream Cipher - Nawaz, Gong (2005) (1 citation)

No context found.

W. Meier, and O. Staffelbach, Fast Correlation Attacks on Certain Stream Ciphers, Journal of Cryptology, pp. 159-176, 1989.


SFINKS: A Synchronous Stream Cipher for Restricted .. - Braeken, Lano.. (2005) (1 citation)

No context found.

Willi Meier and Othmar Staffelbach. Fast correlation attacks on certain stream ciphers. Journal of Cryptology, 1(3):67--86, 1992.


Linear Cryptanalysis of TSC Stream Ciphers - Applications to.. - Muller, Peyrin

No context found.

W. Meier and O. Staffelbach. Fast Correlations Attacks on Certain Stream Ciphers. In Journal of Cryptology, pages 159--176. Springer, 1989.


On Boolean Functions with Generalized Cryptographic.. - Braeken, Nikov, Nikova.. (2004)

No context found.

W. Meier, O. Staffelbach, Fast Correlation Attacks on Certain Stream Ciphers, Journal of Cryptology, pp. 67--86, 1992.


Vectorial Fast Correlation Attacks - Golic, Morgari (2004)

No context found.

W. Meier and O. Staffelbach, "Fast correlation attacks on certain stream ciphers," Journal of Cryptology, vol. 1, pp. 159-176, 1989.


The Alternating Step(r, s) Generator - Kanso (2002)

No context found.

W. Meir, O. Staffelbach. Fast correlation attacks on certain stream ciphers. Journal of Cryptology, vol. 1, 1989, pp. 159--176.


A Faster Attack on Certain Stream Ciphers - Indexing Term Information

No context found.

Meier W and O Staffelbach, "Fast correlation attacks on certain stream ciphers", in Journal of Cryptology 1989 pp 159 - 176



A Generalized Birthday Problem - Wagner (2002) (14 citations)

No context found.

W. Meier, O. Staffelbach. "Fast correlation attacks on certain stream ciphers," J. Cryptology, 1(3):159-167, 1989.


Maximum Likelihood Binary Shift-Register Synthesis from Noisy.. - Moon (2001)

No context found.

W. Meier and O. Staffelbach, "Fast correlation attacks on certain stream ciphers," J. Cryptology, vol. 1, pp. 159--176,


Fast Correlation Attacks through Reconstruction of Linear.. - Johansson, Jönsson (2000) (9 citations)

No context found.

W. Meier, and O. Staffelbach, Fast correlation attacks on certain stream ciphers, Journal of Cryptology, vol. 1, 1989, pp. 159--176.


Theoretical Analysis of a Correlation Attack Based on.. - Jönsson, Johansson (2000)

No context found.

W. Meier, and O. Staffelbach, "Fast correlation attacks on certain stream ciphers", Journal of Cryptology, vol. 1, 1989, pp. 159-176.


SNOW - a new stream cipher - Ekdahl, Johansson (8 citations)

No context found.

W. Meier, and O. Staffelbach, Fast correlation attacks on certain stream ciphers, Journal of Cryptology, 1, pp. 159--176, 1989.


A New Stream Cipher HC-256 - Wu (2004)

No context found.

W. Meier and O. Staffelbach, "Fast Correlation Attacks on Certain Stream Ciphers". Journal of Cryptography, 1(3):159-176, 1989.


CiteSeer.IST - Copyright Penn State and NEC