Searching for the Optimum Correlation Attack
FSE’94, LNCS 1008, 1995
We present some new ideas on attacking stream ciphers based on regularly clocked shift registers. The nonlinear filter functions used in such systems may leak information if they interact with shifted copies of themselves, and this gives us a systematic way to search for correlations between a keystream and the underlying shift register sequence.
Three Characterizations of Nonbinary Correlation-Immune and Resilient Functions
Designs, Codes and Cryptography 5, 1997
A function f(X_1, X_2, ..., X_n) is said to be t-th-order correlation-immune if the random variable Z = f(X_1, X_2, ..., X_n) is independent of every set of t random variables chosen from the independent equiprobable random variables X_1, X_2, ..., X_n. Additionally, if all possible outputs are equally likely, then f is called a t-resilient function. In this paper, we provide three different characterizations of t-th-order correlation-immune functions and resilient functions where the random variable is over GF(q). The first is in terms of the structure of a certain associated matrix. The second characterization involves Fourier transforms. The third characterization establishes the equivalence of resilient functions and large sets of orthogonal arrays. Keywords: correlation-immune functions, resilient functions, stream ciphers, Fourier transforms, orthogonal arrays. 1 Definitions Let GF(q) denote the Galois field with q elements, where q = p^a is a prime po...
Dragon: A Fast Word Based Stream Cipher
2005
This paper presents Dragon, a new stream cipher constructed using a single word-based nonlinear feedback shift register and a nonlinear filter function with memory. Dragon uses a variable-length key and initialisation vector of 128 or 256 bits, and produces 64 bits of keystream per iteration. At the heart of Dragon are two highly optimised 8 S-boxes. Dragon uses simple operations on 32-bit words to provide a high degree of efficiency in a wide variety of environments, making it highly competitive when compared with other word-based stream ciphers. The components of Dragon are designed to resist all known attacks.
Applications of Designs to Cryptography
to Bob, she encrypts x using the encryption rule e_K. That is, she computes y = e_K(x), and sends y to Bob over the channel. When Bob receives y, he decrypts it using the decryption function d_K, obtaining x. Informally, perfect secrecy means that observation of a ciphertext gives no information about the corresponding plaintext. This idea can be stated more precisely using probability distributions. Suppose there are probability distributions p_P on P and p_K on K. Then a probability distribution p_C is induced on C. A cryptosystem is said to provide perfect secrecy provided that p_P(x|y) = p_P ...
A New Statistical Testing for Symmetric Ciphers and Hash Functions
Proc. Information and Communications Security 2002, volume 2513 of LNCS, 2002
This paper presents a new, powerful statistical testing of symmetric ciphers and hash functions which allowed us to detect biases in both of these systems where previously known tests failed. We first give a complete characterization of the Algebraic Normal Form (ANF) of random Boolean functions by means of the Möbius transform. Then we build a new testing based on the comparison between the structure of the Algebraic Normal Forms of the different Boolean functions characterizing symmetric ciphers and hash functions and those of purely random Boolean functions. Detailed testing results on several cryptosystems are presented. As a main result we show that AES, DES, SNOW and LILI-128 fail all or part of the tests and thus present strong biases.
Decimation Attack of Stream Ciphers
Progress in Cryptology - INDOCRYPT, 2000
This paper presents a new attack, called the Decimation Attack, on most stream ciphers. It exploits the property that multiple clocking (or equivalently d-th decimation) of an LFSR can simulate the behavior of many other LFSRs of possibly shorter length. It then yields significant improvements over all previously known correlation and fast correlation attacks. A new criterion on the length of the polynomial is then defined to resist the decimation attack. Simulation results and complexity comparison are detailed for ciphertext-only attacks.
A Systematic Procedure for Applying Fast Correlation Attacks to Combiners with Memory
1997
A systematic procedure for applying fast correlation attacks to combiners with memory is introduced. This procedure consists of the following four stages: identifying correlated linear input and output transforms with maximum possible or relatively large correlation coefficient, calculating low-weight polynomial multiples based on the identified input linear transform, applying an iterative error correction algorithm to the linear transform of the observed keystream, and solving several sets of linear equations to determine the initial state of the input LFSRs. This procedure is successfully applied to three keystream generators, namely, the summation generators with three and five inputs, the nonlinear filter generator and the multiplexed sequence generator. 1 Introduction A well-known type of keystream generator for stream cipher applications consists of a number of linear feedback shift registers (LFSRs) combined by a memoryless nonlinear function. The keystream sequences pr...
Vectorial Boolean Functions and Induced Algebraic Equations
2004
A general mathematical framework behind algebraic cryptanalytic attacks is developed. The framework
Fast Attacks on Tree-Structured Ciphers
University, 1994
Tree structures have been proposed for both the construction of block ciphers by Kam and Davida [7], and self-synchronous stream ciphers by Kuhn [9]. Attacks on these ciphers have been given by Anderson [2] and Heys and Tavares [6]. In this paper it is demonstrated that a more efficient attack can be conducted when the underlying Boolean functions for the cells are known. It is shown that this attack requires less than 1/3 the chosen ciphertext of Anderson's original attack on Kuhn's cipher. We also comment on an improved version of Kuhn's cipher that was modified in light of Anderson's original attack. The work in this paper has been funded in part by the Cooperative Research Centres program through the Department of the Prime Minister and Cabinet of Australia. 1 Introduction This paper deals with the cryptanalysis of ciphers which can be reduced to a Boolean function which has a tree structure, such as the cipher proposed by Kuhn [9], and Kam and Davida's construction [7] of ...
Correlation Analysis of Summation Generator
Abstract: J. Dj. Golić applied the linear sequential circuit approximation (LSCA) method to analyze the summation generator with an arbitrary number of inputs. He conjectured that he could obtain all pairs of mutually correlated input and output linear functions with the maximum possible absolute value of the correlation coefficient by this method, but he did not give any proof. By using the Walsh transform technique, the conjecture is proved for even n in this paper. The “total correlation” of the summation generator is studied, which is very similar to that of combiners with one-bit memory. Keywords: summation generator; correlation coefficient; memory; stream cipher. Abstract (Chinese): J. Dj. Golić applied the linear sequential circuit approximation method to analyze the summation generator with an arbitrary number of inputs. He conjectured that all pairs of input and output linear functions with the maximum correlation coefficient could be obtained by this method, but he gave no proof. Using the Walsh transform technique, it is proved that when n is ...