Results 1 - 9 of 9
Fast computation of large distributions and its cryptographic applications
In Asiacrypt 2005, LNCS 3788, Springer-Verlag, 2005
Cited by 9 (2 self)
Abstract. Let X1, X2, ..., Xk be independent n-bit random variables. If they have arbitrary distributions, we show how to compute distributions like Pr{X1 ⊕ X2 ⊕ ··· ⊕ Xk} and Pr{X1 ⊞ X2 ⊞ ··· ⊞ Xk} in complexity O(kn2^n). Furthermore, if X1, X2, ..., Xk are uniformly distributed we demonstrate a large class of functions F(X1, X2, ..., Xk), for which we can compute their distributions efficiently. These results have applications in linear cryptanalysis of stream ciphers as well as block ciphers. A typical example is the approximation obtained when additions modulo 2^n are replaced by bitwise addition. The efficiency of such an approach is given by the bias of a distribution of the above kind. As an example, we give a new improved distinguishing attack on the stream cipher SNOW 2.0.
Predicting the Shrinking Generator with Fixed Connections
In Advances in Cryptology - EUROCRYPT 2003, 2003
Cited by 8 (1 self)
Abstract. We propose a novel distinguishing attack on the shrinking generator with known feedback polynomial for the generating LFSR. The attack can e.g. reliably distinguish a shrinking generator with a weight 4 polynomial of degree as large as 10000, using 2^32 output bits. As the feedback polynomial of an arbitrary LFSR is known to have a polynomial multiple of low weight, our distinguisher applies to arbitrary shrunken LFSRs of moderate length. The analysis can also be used to predict the distribution of blocks in the generated keystream.
A New Statistical Distinguisher for the Shrinking Generator
2003
Cited by 3 (0 self)
The shrinking generator is a well-known keystream generator composed of two linear feedback shift registers, LFSR1 and LFSR2, where LFSR1 is clock-controlled according to regularly clocked LFSR2. The keystream sequence is thus a decimated LFSR1 sequence.
Linear Sequential Circuit Approximation of Grain and Trivium Stream Ciphers
Cited by 2 (1 self)
Abstract. Grain and Trivium are two hardware oriented synchronous stream ciphers proposed as the simplest candidates to the ECRYPT Stream Cipher Project, both dealing with 80-bit secret keys. In this paper we apply the linear sequential circuit approximation method to evaluate the strength of these stream ciphers against distinguishing attack. In this approximation method which was initially introduced by Golic in 1994, linear models are effectively determined for autonomous finite-state machines. We derive linear functions of consecutive keystream bits which are held with correlation coefficient of about 2^-63.7 and 2^-126 for Grain and Trivium ciphers, respectively. Then using the concept of so-called generating function, we turn them into linear functions with correlation coefficient of 2^-29 for Grain and 2^-72 for Trivium. It shows that the Grain output sequence can be distinguished from a purely random sequence, using about 2^58 bits of the output sequence with the same time complexity. However, our attempt fails to find a successful distinguisher for Trivium.
Hassanzadeh M.: Linear Sequential Circuit Approximation of the Trivium Stream Cipher. eSTREAM, ECRYPT Stream Cipher Project Report 2005/063, 2005
Cited by 1 (1 self)
TRIVIUM is the simplest ECRYPT Stream Cipher project Candidate which deals with key and IV of length 80. Using the sequential Circuit Approximation method,
Linear Sequential Circuit Approximation of Achterbahn Stream Cipher
Achterbahn stream cipher is proposed as a candidate for ECRYPT eSTREAM project which deals with key of length 80-bit. The linear distinguishing attack, which aims at distinguishing the keystream from purely random keystream, is employed to Achterbahn stream cipher. A linear distinguishing attack is based on linear sequential circuit approximation technique which distinguishes statistical bias in the keystream. In order to build the distinguisher, linear approximations of both nonlinear feedback shift register (NLFSR) and the nonlinear Boolean combining function are used. The keystream sequence generated by this algorithm consist a distinguisher with its probability bias . Thus, to distinguish the Achterbahn, we only need keystream bits and the time complexity is about