Results 1 - 10 of 14
Handbook of Applied Cryptography, 1997
Cited by 2057 (29 self)
As we draw near to closing out the twentieth century, we see quite clearly that the information-processing and telecommunications revolutions now underway will continue vigorously into the twenty-first. We interact and transact by directing flocks of digital packets towards each other through cyberspace, carrying love notes, digital cash, and secret corporate documents. Our personal and economic lives rely more and more on our ability to let such ethereal carrier pigeons mediate at a distance what we used to do with face-to-face meetings, paper documents, and a firm handshake. Unfortunately, the technical wizardry enabling remote collaborations is founded on broadcasting everything as sequences of zeros and ones that one's own dog wouldn't recognize. What is to distinguish a digital dollar when it is as easily reproducible as the spoken word? How do we converse privately when every syllable is bounced off a satellite and smeared over an entire continent? How should a bank know that it really is Bill Gates requesting from his laptop in Fiji a transfer of $10,000,000,000 to another bank? Fortunately, the magical mathematics of cryptography can help. Cryptography provides techniques for keeping information secret, for determining that information
Analysis of the E_0 Encryption System, 43
Cited by 17 (1 self)
The encryption system E_0, which is the encryption system used in the Bluetooth specification, is examined. In the current paper, a method of deriving the cipher key from a set of known keystream bits is given. The running time for this method depends on the amount of known keystream available, varying from O(2^84) if 132 bits are available to O(2^73), given 2^43 bits of known keystream. Although the attacks are of no advantage if E_0 is used with the recommended security parameters (64 bit encryption key), they provide an upper bound on the amount of security that would be made available by enlarging the encryption key, as discussed in the Bluetooth specification.
The LILI-128 Keystream Generator
Cited by 5 (0 self)
The LILI-128 keystream generator is a LFSR based synchronous stream cipher with a 128 bit key. The design offers large period and linear complexity, and is resistant to currently known styles of attack. LILI is simple to implement in hardware or software.
On the Efficiency of the Clock Control Guessing Attack, 2002
Cited by 4 (0 self)
Many bitstream generators are based on linear feedback shift registers. A widespread technique for the cryptanalysis of those generators is the linear consistency test (LCT). In this paper, we consider an application of the LCT in cryptanalysis of clock-controlled bitstream generators, called clock control guessing. We give a general and very simple method for estimating the efficiency of clock control guessing, yielding an upper bound on the effective key length of a whole group of bitstream generators. Finally, we apply the technique against a number of clock-controlled generators, such as the A5/1, alternating step generator, step1-step2 generator, cascade generator, and others.
A Faster Attack on Certain Stream Ciphers, 1993
Cited by 4 (1 self)
A number of keystream generators can be attacked by guessing the contents of one shift register and then checking to see whether this guess is consistent with the observed keystream. Where the target register is n bits long, this gives an attack of complexity 2^(n-O(1)). We present a further optimisation which appears to reduce the complexity to about 2^(n/2) in many cases of practical interest. Introduction: Many stream cipher systems work by combining each successive bit of plaintext with a pseudo-random bit derived from a keystream generator, which will typically use a nonlinear function of one or more linear feedback shift register sequences to generate these pseudo-random bits. Examples are the multiplexer generator [1], the self-multiplexed generator [2], Geffe's generator [3] and the clock controlled or stop-and-go family of generators [4]. Such stream cipher algorithms are usually faster than block ciphers such as DES [5] and are often used in devices such as line encr...
A New Statistical Distinguisher for the Shrinking Generator, 2003
Cited by 3 (0 self)
The shrinking generator is a well-known keystream generator composed of two linear feedback shift registers, LFSR_1 and LFSR_2, where LFSR_1 is clock-controlled according to regularly clocked LFSR_2. The keystream sequence is thus a decimated LFSR_1 sequence.
Cryptanalysis of LFSR-based pseudorandom generators - a survey, 2004
Cited by 1 (0 self)
Abstract. Pseudorandom generators based on linear feedback shift registers (LFSR) are a traditional building block for cryptographic stream ciphers. In this report, we review the general idea for such generators, as well as the most important techniques of cryptanalysis. 1 Security Model 1.1 Shannon’s model Basic setting: The most basic task of cryptography is encryption. The setting was captured by Shannon in [47] as a modification of his well-known communication model, proposed in [46]. Consider two entities, named sender and receiver, who want to transmit an arbitrary message at an arbitrary point in time in complete privacy. There are two communication channels available: – The secret channel is completely confidential. No information that is transmitted using this channel can be observed by a third party. However, the secret channel has the disadvantage of being available only at fixed points in time (e.g., when sender and receiver meet in person).
Reduced Complexity Attacks on the Alternating Step Generator
Cited by 1 (1 self)
Abstract. In this paper, we present some reduced complexity attacks on the Alternating Step Generator (ASG). The attacks are based on a quite general framework and mostly benefit from the low sampling resistance of the ASG, and of an abnormal behavior related to the distribution of the initial states of the stop/go LFSR’s which produce a given segment of the output sequence. Our results compare well with previous results as they show a greater flexibility with regard to known output of the ASG, which amounts in reduced complexity. We will also give a closed form for the complexity of attacks on ASG (and SG) as presented in [13].
This is a Chapter from the Handbook of Applied Cryptography, 1996
s), p.146, 1985. [790] J.L. MASSEY AND X. LAI, "Device for converting a digital block and the use thereof", European Patent # 482,154, 29 Apr 1992. [791] , "Device for the conversion of a digital block and use of same", U.S. Patent # 5,214,703, 25 May 1993. [792] J.L. MASSEY AND J.K. OMURA, "Method and apparatus for maintaining the privacy of digital messages conveyed by public transmission ", U.S. Patent # 4,567,600, 28 Jan 1986. [793] J.L. MASSEY AND R.A. RUEPPEL, "Linear ciphers and random sequence generators with multiple clocks", Advances in Cryptology-- Proceedings of EUROCRYPT 84 (LNCS 209), 74--87, 1985. [794] J.L. MASSEY AND S. SERCONEK, "A Fourier transform approach to the linear complexity of nonlinearly filtered sequences", Advances in Cryptology--CRYPTO '94 (LNCS 839), 332--340, 1994. [795] M. MATSUI, "The first experimental cryptanalysis of the Data Encryption Standard", Advances in Cryptology--CRYPTO '94 (LNCS 839), 1--11, 1994. [796] , "Linear cryptanalysis metho...

