Results 1  10
of
13
Feedback shift registers, 2adic span, and combiners with memory
 Journal of Cryptology
, 1997
"... Feedback shift registers with carry operation (FCSR’s) are described, implemented, and analyzed with respect to memory requirements, initial loading, period, and distributional properties of their output sequences. Many parallels with the theory of linear feedback shift registers (LFSR’s) are presen ..."
Abstract

Cited by 50 (7 self)
 Add to MetaCart
Feedback shift registers with carry operation (FCSR’s) are described, implemented, and analyzed with respect to memory requirements, initial loading, period, and distributional properties of their output sequences. Many parallels with the theory of linear feedback shift registers (LFSR’s) are presented, including a synthesis algorithm (analogous to the BerlekampMassey algorithm for LFSR’s) which, for any pseudorandom sequence, constructs the smallest FCSR which will generate the sequence. These techniques are used to attack the summation cipher. This analysis gives a unified approach to the study of pseudorandom sequences, arithmetic codes, combiners with memory, and the MarsagliaZaman random number generator. Possible variations on the FCSR architecture are indicated at the end. Index Terms – Binary sequence, shift register, stream cipher, combiner with memory, cryptanalysis, 2adic numbers, arithmetic code, 1/q sequence, linear span. 1
Faster Correlation Attack on Bluetooth Keystream Generator E0
 Advances on Cryptography  CRYPTO 2004, Lecture Notes in Computer Science
, 2004
"... Abstract. We study both distinguishing and keyrecovery attacks against E0, the keystream generator used in Bluetooth by means of correlation. First, a powerful computation method of correlations is formulated by a recursive expression, which makes it easier to calculate correlations of the finite s ..."
Abstract

Cited by 19 (4 self)
 Add to MetaCart
Abstract. We study both distinguishing and keyrecovery attacks against E0, the keystream generator used in Bluetooth by means of correlation. First, a powerful computation method of correlations is formulated by a recursive expression, which makes it easier to calculate correlations of the finite state machine output sequences up to 26 bits for E0 and allows us to verify the two known correlations to be the largest for the first time. Second, we apply the concept of convolution to the analysis of the distinguisher based on all correlations, and propose an efficient distinguisher due to the linear dependency of the largest correlations. Last, we propose a novel maximum likelihood decoding algorithm based on fast Walsh transform to recover the closest codeword for any linear code of dimension L and length n. It requires time O(n + L · 2 L) and memory min(n, 2 L). This can speed up many attacks such as fast correlation attacks. We apply it to E0, and our best keyrecovery attack works in 2 39 time given 2 39 consecutive bits after O(2 37) precomputation. This is the best known attack against E0 so far. 1
Linear cryptanalysis of bluetooth stream cipher
 Advances in Cryptology  EUROCRYPT 2002, Lecture Notes in Computer Science
, 2002
"... Abstract. A general linear iterative cryptanalysis method for solving binary systems of approximate linear equations which is also applicable to keystream generators producing short keystream sequences is proposed. A linear cryptanalysis method for reconstructing the secret key in a general type of ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
Abstract. A general linear iterative cryptanalysis method for solving binary systems of approximate linear equations which is also applicable to keystream generators producing short keystream sequences is proposed. A linear cryptanalysis method for reconstructing the secret key in a general type of initialization schemes is also developed. A large class of linear correlations in the Bluetooth combiner, unconditioned or conditioned on the output or on both the output and one input, are found and characterized. As a result, an attack on the Bluetooth stream cipher that can reconstruct the 128bit secret key with complexity about 2 70 from about 45 initializations is proposed. In the precomputation stage, a database of about 2 80 103bit words has to be sorted out. Key words Linear cryptanalysis, linear correlations, iterative probabilistic decoding, reinitialization. 1
Extending the Resynchronization Attack
 SAC 2004
, 2004
"... Synchronous stream ciphers need perfect synchronization between sender and receiver. In practice, this is ensured by a resync mechanism. Daemen et al first described attacks on ciphers using such a resync mechanism. In this paper we extend their attacks in several ways by combining the standard a ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
Synchronous stream ciphers need perfect synchronization between sender and receiver. In practice, this is ensured by a resync mechanism. Daemen et al first described attacks on ciphers using such a resync mechanism. In this paper we extend their attacks in several ways by combining the standard attack with cryptanalytic techniques such as algebraic attacks and linear cryptanalysis. Our results show that using linear resync mechanisms should be avoided, and provide lower bounds for the nonlinearity required from a secure resync mechanism.
Cryptographic Properties Of The Bluetooth Combination Generator
 The Second International Conference on Information Security and Cryptology of ICISC `99
, 2000
"... OF MASTER'S THESIS Author: Miia Hermelin Title of thesis: Cryptographic properties of the Bluetooth combination generator Finnish title: Bluetooth yhdistjgeneraattorin kryptograsia ominaisuuksia Date: 28th February 2000 Pages: 55 Department: Department of Engineering Physics and Mathematics Ch ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
OF MASTER'S THESIS Author: Miia Hermelin Title of thesis: Cryptographic properties of the Bluetooth combination generator Finnish title: Bluetooth yhdistjgeneraattorin kryptograsia ominaisuuksia Date: 28th February 2000 Pages: 55 Department: Department of Engineering Physics and Mathematics Chair: Mat1 Mathematics Supervisor: Professor Olavi Nevanlinna Instructor: Principal scientist, docent Kaisa Nyberg Bluetooth is a technical specication designed for adhoc nets. It is developed and maintained by the Bluetooth Special Interest Group. This thesis concentrates on the combination generator dened in the algorithm E 0 of Bluetooth and on its cryptographical properties. The thesis is mainly concentrated on the correlation properties of Bluetooth, but other security issues are also considered. A combination generator consists of linear feedback shift registers (LFSR), a memory and linear and nonlinear combiner functions. In Bluetooth, there are four bits of memory and four LFSR...
Correlation Properties of the Bluetooth Combiner
, 1999
"... In its intended usage the lengths of the key stream sequences produced by the Bluetooth stream cipher E0 are strictly limited. In this paper the importance of this limitation is proved by showing that the Bluetooth stream cipher with 128 bit key can be broken in O(2^64) steps given an output key str ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
In its intended usage the lengths of the key stream sequences produced by the Bluetooth stream cipher E0 are strictly limited. In this paper the importance of this limitation is proved by showing that the Bluetooth stream cipher with 128 bit key can be broken in O(2^64) steps given an output key stream segment of length O(2^64). We also show how the correlation properties of the E0 combiner can be improved by making a small modification in the memory update function.
Algebraic Attacks on Summation Generators
 In FSE 2004, number 3017 in Lecture Notes in Computer Science
, 2003
"... We apply the algebraic attacks on stream ciphers with memories to the summation generator. For a summation generator that uses n LFSRs, an algebraic equation relating the key stream bits and LFSR output bits can be made to be of degree less than or equal to 2 , using dlog 2 ne + 1 consecutive ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
We apply the algebraic attacks on stream ciphers with memories to the summation generator. For a summation generator that uses n LFSRs, an algebraic equation relating the key stream bits and LFSR output bits can be made to be of degree less than or equal to 2 , using dlog 2 ne + 1 consecutive key stream bits. This is much lower than the upper bound given by previous general results. We also show that the techniques of [5] can be applied to summation generators using 2 LFSRs to reduce the eective degree of the algebraic equation.
Vectorial Boolean Functions and Induced Algebraic Equations
, 2004
"... A general mathematical framework behind algebraic cryptanalytic attacks is developed. The framework ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
A general mathematical framework behind algebraic cryptanalytic attacks is developed. The framework
Cryptanalysis of LFSRbased pseudorandom generators  a survey
, 2004
"... Abstract. Pseudorandom generators based on linear feedback shift registers (LFSR) are a traditional building block for cryptographic stream ciphers. In this report, we review the general idea for such generators, as well as the most important techniques of cryptanalysis. 1 Security Model 1.1 Shannon ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. Pseudorandom generators based on linear feedback shift registers (LFSR) are a traditional building block for cryptographic stream ciphers. In this report, we review the general idea for such generators, as well as the most important techniques of cryptanalysis. 1 Security Model 1.1 Shannon’s model Basic setting: The most basic task of cryptography is encryption. The setting was captured by Shannon in [47] as a modification of his wellknown communication model, proposed in [46]. Consider two entities, named sender and receiver, who want to transmit an arbitrary message at an arbitrary point in time in complete privacy. There are two communication channels available: – The secret channel is completely confidential. No information that is transmitted using this channel can be observed by a third party. However, the secret channel has the disadvantage of being available only at fixed points in time (e.g., when sender and receiver meet in person).