Feedback shift registers, 2-adic span, and combiners with memory
Journal of Cryptology, 1997
Cited by 50 (7 self)
Feedback shift registers with carry operation (FCSRs) are described, implemented, and analyzed with respect to memory requirements, initial loading, period, and distributional properties of their output sequences. Many parallels with the theory of linear feedback shift registers (LFSRs) are presented, including a synthesis algorithm (analogous to the Berlekamp-Massey algorithm for LFSRs) which, for any pseudorandom sequence, constructs the smallest FCSR which will generate the sequence. These techniques are used to attack the summation cipher. This analysis gives a unified approach to the study of pseudorandom sequences, arithmetic codes, combiners with memory, and the Marsaglia-Zaman random number generator. Possible variations on the FCSR architecture are indicated at the end. Index Terms: binary sequence, shift register, stream cipher, combiner with memory, cryptanalysis, 2-adic numbers, arithmetic code, 1/q sequence, linear span.

Fibonacci and Galois Representations of Feedback-With-Carry Shift Registers
IEEE Trans. Inform. Theory, 2002
Cited by 21 (2 self)
A feedback-with-carry shift register (FCSR) with "Fibonacci" architecture is a shift register provided with a small amount of memory which is used in the feedback algorithm. Like the linear feedback shift register (LFSR), the FCSR provides a simple and predictable method for the fast generation of pseudorandom sequences with good statistical properties and large periods. In this paper, we describe and analyze an alternative architecture for the FCSR which is similar to the "Galois" architecture for the LFSR. The Galois architecture is more efficient than the Fibonacci architecture because the feedback computations are performed in parallel. We also describe the output sequences generated by the FCSR, a slight modification of the (Fibonacci) FCSR architecture in which the feedback bit is delayed for clock cycles before being returned to the first cell of the shift register. We explain how these devices may be configured so as to generate sequences with large periods. We show that the FCSR also admits a more efficient "Galois" architecture.

Period of the power generator and small values of Carmichael's function
Math. Comp., 70
Cited by 18 (11 self)
Consider the pseudorandom number generator u_n ≡ u_{n−1}^e (mod m), 0 ≤ u_n ≤ m − 1, n = 1, 2, ..., where we are given the modulus m, the initial value u_0 = ϑ and the exponent e. One case of particular interest is when the modulus m is of the form pl, where p, l are different primes of the same magnitude. It is known from work of the first and third authors that for moduli m = pl, if the period of the sequence (u_n) exceeds m^{3/4+ε}, then the sequence is uniformly distributed. We show rigorously that for almost all choices of p, l it is the case that for almost all choices of ϑ, e, the period of the power generator exceeds (pl)^{1−ε}. And so, in this case, the power generator is uniformly distributed. We also give some other cryptographic applications, namely, to ruling out the cycling attack on the RSA cryptosystem and to so-called time-release crypto. The principal tool is an estimate related to the Carmichael function λ(m), the size of the largest cyclic subgroup of the multiplicative group of residues modulo m. In particular, we show that for any ∆ ≥ (log log N)^3, we have λ(m) ≥ N exp(−∆) for all integers m with 1 ≤ m ≤ N, apart from at most N exp(−0.69 (∆ log ∆)^{1/3}) exceptions.

Almost Difference Sets and Their Sequences With Optimal Autocorrelation
2001
Cited by 3 (0 self)
Almost difference sets have interesting applications in cryptography and coding theory. In this paper, we give a well-rounded treatment of known families of almost difference sets, establish relations between some difference sets and some almost difference sets, and determine the numerical multiplier group of some families of almost difference sets. We also construct six new classes of almost difference sets, and four classes of binary sequences of period H @�� � RA with optimal autocorrelation. We have also obtained two classes of relative difference sets and four classes of divisible difference sets (DDSs). We also point out that a result due to Jungnickel can be used to construct almost difference sets and sequences of period R with optimal autocorrelation.

On the Linear Complexity of the Power Generator
Designs, Codes and Cryptography, 1998

On the uniformity of distribution of the RSA pairs
Math. Comp.
Cited by 2 (1 self)
Let m = pl be a product of two distinct primes p and l. We show that for almost all exponents e with gcd(e, ϕ(m)) = 1 the RSA pairs (x, x^e) are uniformly distributed modulo m when x runs through
• the group of units Z_m^* modulo m (that is, as in the classical RSA scheme);
• the set of k-products x = a_{i_1} ··· a_{i_k}, 1 ≤ i_1 < ··· < i_k ≤ n, where a_1, ..., a_n ∈ Z_m^* are selected at random (that is, as in the recently introduced RSA scheme with precomputation).
These results are based on some new bounds of exponential sums.

The ANF of the Composition of Addition and Multiplication mod 2^n with a Boolean Function
Cited by 1 (0 self)
Compact formulas are derived to represent the Algebraic Normal Form (ANF) of f(x + a mod 2^n) and f(x × a mod 2^n) from the ANF of f, where f is a Boolean function on F_2^n and a is a constant of F_2^n. We compare the algebraic degree of the composed functions with the algebraic degree of the original function f. As an application, the formula for addition modulo 2^n is applied in an algebraic attack on the summation generator and the E0 encryption scheme in the Bluetooth keystream generator.

Pseudorandom Sequences and Linear Recurrences with Polynomial Coefficients
A measure of the first type is the linear complexity of a sequence. It is the depth of the shortest linear recurrence with constant coefficients that generates a sequence assumed to be periodic. A fundamental algorithm for computing this quantity is the Berlekamp-Massey algorithm [2]. A refinement is the complexity profile, which is the curve of the evolution of the linear complexity of the sequence observed over an interval [0, t] as a function of the time t. The main application is point 1 above. A measure of the second type is the autocorrelation, which is essentially the scalar product of the sequence (suitably complexified by the use of an additive character of the ambient finite field) with a circularly shifted version of itself. Depending on the nature of this copy, one speaks of periodic, aperiodic, or Doppler correlation. The applications of this measure are points 2 and 3 above. Objectives: The main objective of the project is to implement in characteristic

Logarithm Cartesian authentication codes
2003
Chanson, Ding and Salomaa have recently constructed several classes of authentication codes using certain classes of functions. In this paper, we further extend that work by constructing two classes of Cartesian authentication codes using the logarithm functions. The codes constructed here involve the theory of cyclotomy and are better than a subclass of Helleseth-Johansson's codes and Bierbrauer's codes in terms of the maximum success probability with respect to the substitution attack.

Generating Pseudorandom S-Boxes: a Method of Improving the Security of Cryptosystems Based on Block
The paper presents a general framework for improving the security of a cryptosystem based on a symmetric block cipher. The main idea is based on the possibility of changing the substitution boxes (called S-boxes) in the encryption/decryption algorithm. In order to make this possible, it is necessary for the encrypting and decrypting parties to generate identical boxes. This is the main reason why deterministic methods of generating substitution boxes based on pseudorandom sequences will be presented.