Results 1 -
5 of
5
Linear cryptanalysis of bluetooth stream cipher
- Advances in Cryptology - EUROCRYPT 2002, Lecture Notes in Computer Science
, 2002
"... Abstract. A general linear iterative cryptanalysis method for solving binary systems of approximate linear equations which is also applicable to keystream generators producing short keystream sequences is proposed. A linear cryptanalysis method for reconstructing the secret key in a general type of ..."
Abstract
-
Cited by 10 (0 self)
- Add to MetaCart
Abstract. A general linear iterative cryptanalysis method for solving binary systems of approximate linear equations which is also applicable to keystream generators producing short keystream sequences is proposed. A linear cryptanalysis method for reconstructing the secret key in a general type of initialization schemes is also developed. A large class of linear correlations in the Bluetooth combiner, unconditioned or conditioned on the output or on both the output and one input, are found and characterized. As a result, an attack on the Bluetooth stream cipher that can reconstruct the 128-bit secret key with complexity about 2 70 from about 45 initializations is proposed. In the precomputation stage, a database of about 2 80 103-bit words has to be sorted out. Key words Linear cryptanalysis, linear correlations, iterative probabilistic decoding, reinitialization. 1
Predicting the Shrinking Generator with Fixed Connections
- In Advances in Cryptology - EUROCRYPT 2003
, 2003
"... Abstract. We propose a novel distinguishing attack on the shrinking generator with known feedback polynomial for the generating LFSR. The attack can e.g. reliably distinguish a shrinking generator with a weight 4 polynomial of degree as large as 10000, using 2 32 output bits. As the feedback polynom ..."
Abstract
-
Cited by 7 (1 self)
- Add to MetaCart
Abstract. We propose a novel distinguishing attack on the shrinking generator with known feedback polynomial for the generating LFSR. The attack can e.g. reliably distinguish a shrinking generator with a weight 4 polynomial of degree as large as 10000, using 2 32 output bits. As the feedback polynomial of an arbitrary LFSR is known to have a polynomial multiple of low weight, our distinguisher applies to arbitrary shrunken LFSR’s of moderate length. The analysis can also be used to predict the distribution of blocks in the generated keystream. 1
A New Statistical Distinguisher for the Shrinking Generator
, 2003
"... The shrinking generator is a well-known keystream generator composed of two linear feedback shift registers, LFSR 1 and LFSR 2 , where LFSR 1 is clock-controlled according to regularly clocked LFSR 2 . The keystream sequence is thus a decimated LFSR 1 sequence. ..."
Abstract
-
Cited by 3 (0 self)
- Add to MetaCart
The shrinking generator is a well-known keystream generator composed of two linear feedback shift registers, LFSR 1 and LFSR 2 , where LFSR 1 is clock-controlled according to regularly clocked LFSR 2 . The keystream sequence is thus a decimated LFSR 1 sequence.
A New Version of the Cipher DICING
"... Abstract: In this paper, we will give one update for our submitted primitive DICING for eSTREAM, where we have simplified the initialization and made some small changes in the equations (2.3) and (2.16) to enhance the security and the efficiency. ..."
Abstract
- Add to MetaCart
Abstract: In this paper, we will give one update for our submitted primitive DICING for eSTREAM, where we have simplified the initialization and made some small changes in the equations (2.3) and (2.16) to enhance the security and the efficiency.
A NEW STREAM CIPHER: DICING _____An Update for the Phrase II of eSTREAM
"... Abstract: In this paper, we will give one update for our submitted primitive DICING for eSTREAM, where we have simplified the initialization and made some small changes in the equations (2.3) and (2.16) to enhance the security and the efficiency. ..."
Abstract
- Add to MetaCart
Abstract: In this paper, we will give one update for our submitted primitive DICING for eSTREAM, where we have simplified the initialization and made some small changes in the equations (2.3) and (2.16) to enhance the security and the efficiency.
