Searching for the Optimum Correlation Attack
FSE'94, LNCS 1008, 1995
We present some new ideas on attacking stream ciphers based on regularly clocked shift registers. The nonlinear filter functions used in such systems may leak information if they interact with shifted copies of themselves, and this gives us a systematic way to search for correlations between a keystream and the underlying shift register sequence.
Three Characterizations of Nonbinary Correlation-Immune and Resilient Functions
Designs, Codes and Cryptography 5, 1997
A function f(X_1, X_2, ..., X_n) is said to be t-th order correlation-immune if the random variable Z = f(X_1, X_2, ..., X_n) is independent of every set of t random variables chosen from the independent equiprobable random variables X_1, X_2, ..., X_n. Additionally, if all possible outputs are equally likely, then f is called a t-resilient function. In this paper, we provide three different characterizations of t-th order correlation-immune functions and resilient functions where the random variable is over GF(q). The first is in terms of the structure of a certain associated matrix. The second characterization involves Fourier transforms. The third characterization establishes the equivalence of resilient functions and large sets of orthogonal arrays.

Keywords: correlation-immune functions, resilient functions, stream ciphers, Fourier transforms, orthogonal arrays.

1 Definitions. Let GF(q) denote the Galois field with q elements, where q = p^a is a prime po...
A New Statistical Testing for Symmetric Ciphers and Hash Functions
Proc. Information and Communications Security 2002, volume 2513 of LNCS, 2002
This paper presents a new, powerful statistical testing of symmetric ciphers and hash functions which allowed us to detect biases in both of these systems where previously known tests failed. We first give a complete characterization of the Algebraic Normal Form (ANF) of random Boolean functions by means of the Möbius transform. Then we build a new testing based on the comparison between the structure of the Algebraic Normal Forms of the different Boolean functions characterizing symmetric ciphers and hash functions and those of purely random Boolean functions. Detailed testing results on several cryptosystems are presented. As a main result we show that AES, DES, SNOW and LILI-128 fail all or part of the tests and thus present strong biases.
Dragon: A fast word based stream cipher
Proc. ICISC 2004, volume 3506 of LNCS, 2005
This is the author’s version of a work that was submitted/accepted for publication in the following source:
Decimation Attack of Stream Ciphers
Progress in Cryptology - INDOCRYPT, 2000
This paper presents a new attack called the Decimation Attack on most stream ciphers. It exploits the property that multiple clocking (or equivalently d-th decimation) of an LFSR can simulate the behavior of many other LFSRs of possibly shorter length. It then yields significant improvements on all previously known correlation and fast correlation attacks. A new criterion on the length of the polynomial is then defined to resist the decimation attack. Simulation results and complexity comparison are detailed for ciphertext-only attacks.
A Systematic Procedure for Applying Fast Correlation Attacks to Combiners with Memory
1997
A systematic procedure for applying fast correlation attacks to combiners with memory is introduced. This procedure consists of the following four stages: identifying correlated linear input and output transforms with maximum possible or relatively large correlation coefficient, calculating low-weight polynomial multiples based on the identified input linear transform, applying an iterative error correction algorithm to the linear transform of the observed keystream, and solving several sets of linear equations to determine the initial state of the input LFSRs. This procedure is successfully applied to three keystream generators, namely, the summation generators with three and five inputs, the nonlinear filter generator and the multiplexed sequence generator.

1 Introduction. A well-known type of keystream generator for stream cipher applications consists of a number of linear feedback shift registers (LFSRs) combined by a memoryless nonlinear function. The keystream sequences pr...
Vectorial Boolean Functions and Induced Algebraic Equations
2004
A general mathematical framework behind algebraic cryptanalytic attacks is developed. The framework
Fast Attacks on Tree-Structured Ciphers
University, 1994
Tree structures have been proposed for both the construction of block ciphers by Kam and Davida [7], and self-synchronous stream ciphers by Kuhn [9]. Attacks on these ciphers have been given by Anderson [2] and Heys and Tavares [6]. In this paper it is demonstrated that a more efficient attack can be conducted when the underlying Boolean functions for the cells are known. It is shown that this attack requires less than 1/3 of the chosen ciphertext of Anderson's original attack on Kuhn's cipher. We also comment on an improved version of Kuhn's cipher that was modified in light of Anderson's original attack. The work in this paper has been funded in part by the Cooperative Research Centres program through the Department of the Prime Minister and Cabinet of Australia.

1 Introduction. This paper deals with the cryptanalysis of ciphers which can be reduced to a Boolean function which has a tree structure, such as the cipher proposed by Kuhn [9], and Kam and Davida's construction [7] of ...
Resilient Function Based Sequence Generator (RFSG)
The main focus of this paper is to apply a suitable combiner function for cryptographic use which possesses multiple cryptographic properties such as balancedness, correlation immunity and high algebraic degree. A resilient function, which is the generalization of a correlation-immune Boolean function, is thus considered. In this paper we present RFSG, a new sequence generator which uses a (q, m+1, m, 1) resilient function over GF(2^2) as a combiner function and linear feedback shift registers. Feedback polynomials with a large number of taps increase the computational complexity of the cipher, and polynomials with few taps allow the fast correlation attack and distinguishing attack to recover the initial state. In the light of these constraints, feedback polynomials of eight taps are considered. These polynomials are primitive polynomials having a period of maximal length. RFSG uses a key and initialization vector of 64 bits, and produces one bit of keystream per iteration. The internal state of the generator is 128 bits and its period is (2^128 - 1). RFSG has good cryptographic properties and guaranteed randomness. Its security is analyzed with respect to the strict avalanche criterion and the fast correlation attack, and it is found to be invulnerable to these attacks. Software and hardware implementation complexities have also been placed briefly, making these suitable candidates for realization of higher throughputs.