Results 1 - 10 of 15
Handbook of Applied Cryptography, 1997
Cited by 2477 (30 self)
As we draw near to closing out the twentieth century, we see quite clearly that the information-processing and telecommunications revolutions now underway will continue vigorously into the twenty-first. We interact and transact by directing flocks of digital packets towards each other through cyberspace, carrying love notes, digital cash, and secret corporate documents. Our personal and economic lives rely more and more on our ability to let such ethereal carrier pigeons mediate at a distance what we used to do with face-to-face meetings, paper documents, and a firm handshake. Unfortunately, the technical wizardry enabling remote collaborations is founded on broadcasting everything as sequences of zeros and ones that one's own dog wouldn't recognize. What is to distinguish a digital dollar when it is as easily reproducible as the spoken word? How do we converse privately when every syllable is bounced off a satellite and smeared over an entire continent? How should a bank know that it really is Bill Gates requesting from his laptop in Fiji a transfer of $10,000,000,000 to another bank? Fortunately, the magical mathematics of cryptography can help. Cryptography provides techniques for keeping information secret, for determining that information
Analysis of the E_0 Encryption System, 43
Cited by 20 (1 self)
The encryption system E_0, which is the encryption system used in the Bluetooth specification, is examined. In the current paper, a method of deriving the cipher key from a set of known keystream bits is given. The running time for this method depends on the amount of known keystream available, varying from O(2^84) if 132 bits are available to O(2^73), given 2^43 bits of known keystream. Although the attacks are of no advantage if E_0 is used with the recommended security parameters (64 bit encryption key), they provide an upper bound on the amount of security that would be made available by enlarging the encryption key, as discussed in the Bluetooth specification.
The LILI-128 Keystream Generator
Cited by 7 (1 self)
The LILI-128 keystream generator is a LFSR based synchronous stream cipher with a 128 bit key. The design offers large period and linear complexity, and is resistant to currently known styles of attack. LILI is simple to implement in hardware or software.
A Faster Attack on Certain Stream Ciphers, 1993
Cited by 5 (1 self)
A number of keystream generators can be attacked by guessing the contents of one shift register and then checking to see whether this guess is consistent with the observed keystream. Where the target register is n bits long, this gives an attack of complexity 2^(n-O(1)). We present a further optimisation which appears to reduce the complexity to about 2^(n/2) in many cases of practical interest. Introduction: Many stream cipher systems work by combining each successive bit of plaintext with a pseudorandom bit derived from a keystream generator, which will typically use a nonlinear function of one or more linear feedback shift register sequences to generate these pseudorandom bits. Examples are the multiplexer generator [1], the self-multiplexed generator [2], Geffe's generator [3] and the clock controlled or stop-and-go family of generators [4]. Such stream cipher algorithms are usually faster than block ciphers such as DES [5] and are often used in devices such as line encr...
On the Efficiency of the Clock Control Guessing Attack, 2002
Cited by 4 (0 self)
Many bitstream generators are based on linear feedback shift registers. A widespread technique for the cryptanalysis of those generators is the linear consistency test (LCT). In this paper, we consider an application of the LCT in cryptanalysis of clock-controlled bitstream generators, called clock control guessing. We give a general and very simple method for estimating the efficiency of clock control guessing, yielding an upper bound on the effective key length of a whole group of bitstream generators. Finally, we apply the technique against a number of clock-controlled generators, such as the A5/1, alternating step generator, step1-step2 generator, cascade generator, and others.
A New Statistical Distinguisher for the Shrinking Generator, 2003
Cited by 3 (0 self)
The shrinking generator is a well-known keystream generator composed of two linear feedback shift registers, LFSR_1 and LFSR_2, where LFSR_1 is clock-controlled according to regularly clocked LFSR_2. The keystream sequence is thus a decimated LFSR_1 sequence.
Reduced Complexity Attacks on the Alternating Step Generator
Cited by 2 (1 self)
Abstract. In this paper, we present some reduced complexity attacks on the Alternating Step Generator (ASG). The attacks are based on a quite general framework and mostly benefit from the low sampling resistance of the ASG, and of an abnormal behavior related to the distribution of the initial states of the stop/go LFSR’s which produce a given segment of the output sequence. Our results compare well with previous results as they show a greater flexibility with regard to known output of the ASG, which amounts in reduced complexity. We will also give a closed form for the complexity of attacks on ASG (and SG) as presented in [13].
Cryptanalysis of LFSR-based pseudorandom generators - a survey, 2004
Cited by 1 (0 self)
Abstract. Pseudorandom generators based on linear feedback shift registers (LFSR) are a traditional building block for cryptographic stream ciphers. In this report, we review the general idea for such generators, as well as the most important techniques of cryptanalysis. 1 Security Model 1.1 Shannon’s model Basic setting: The most basic task of cryptography is encryption. The setting was captured by Shannon in [47] as a modification of his well-known communication model, proposed in [46]. Consider two entities, named sender and receiver, who want to transmit an arbitrary message at an arbitrary point in time in complete privacy. There are two communication channels available: – The secret channel is completely confidential. No information that is transmitted using this channel can be observed by a third party. However, the secret channel has the disadvantage of being available only at fixed points in time (e.g., when sender and receiver meet in person).
Analysis of Lightweight Stream Ciphers, PhD thesis, 2008
Cited by 1 (0 self)
Stream ciphers are fast cryptographic primitives to provide confidentiality of electronically transmitted data. They can be very suitable in environments with restricted resources, such as mobile devices or embedded systems. Practical examples are cell phones, RFID transponders, smart cards or devices in sensor networks. Besides efficiency, security is the most important property of a stream cipher. In this thesis, we address cryptanalysis of modern lightweight stream ciphers. We derive and improve cryptanalytic methods for different building blocks and present dedicated attacks on specific proposals, including some eSTREAM candidates. As a result, we elaborate on the design criteria for the development of secure and efficient stream ciphers. The best-known building block is the linear feedback shift register (LFSR), which can be combined with a nonlinear Boolean output function. A powerful type of attacks against LFSR-based stream ciphers are the recent algebraic attacks, these exploit the specific structure by deriving low degree equations for recovering the secret key. We efficiently determine the immunity of existing and newly constructed Boolean functions against fast algebraic attacks. The concept of algebraic immunity is then generalized by investigating the augmented function of the stream cipher. As an application of this framework, we improve the cryptanalysis of a well-known stream cipher with irregularly clocked LFSR’s. Algebraic attacks can be avoided by substituting the LFSR with a suitable nonlinear driving device, such as a feedback shift register with carry (FCSR) or the recently proposed class of T-functions. We investigate both replacement schemes in view of their security, and devise different practical attacks (including linear attacks) on a number of specific proposals based on T-functions. Another efficient method to amplify the nonlinear behavior is to use a round-based filter function, where each round consists of simple nonlinear operations. We use differential methods to break a reduced-round version of eSTREAM candidate Salsa20. Similar methods can be used to break a related compression function with a reduced number of rounds. Finally, we investigate the algebraic structure of the initialization function of stream ciphers and provide a framework for key recovery attacks. As an application, a key recovery attack on simplified versions of eSTREAM candidates Trivium and Grain-128 is given.
This is a Chapter from the Handbook of Applied Cryptography, 1996
s), p.146, 1985. [790] J.L. MASSEY AND X. LAI, "Device for converting a digital block and the use thereof", European Patent # 482,154, 29 Apr 1992. [791] , "Device for the conversion of a digital block and use of same", U.S. Patent # 5,214,703, 25 May 1993. [792] J.L. MASSEY AND J.K. OMURA, "Method and apparatus for maintaining the privacy of digital messages conveyed by public transmission", U.S. Patent # 4,567,600, 28 Jan 1986. [793] J.L. MASSEY AND R.A. RUEPPEL, "Linear ciphers and random sequence generators with multiple clocks", Advances in Cryptology - Proceedings of EUROCRYPT 84 (LNCS 209), 74-87, 1985. [794] J.L. MASSEY AND S. SERCONEK, "A Fourier transform approach to the linear complexity of nonlinearly filtered sequences", Advances in Cryptology - CRYPTO '94 (LNCS 839), 332-340, 1994. [795] M. MATSUI, "The first experimental cryptanalysis of the Data Encryption Standard", Advances in Cryptology - CRYPTO '94 (LNCS 839), 1-11, 1994. [796] , "Linear cryptanalysis metho...