Results 1  10
of
62
Feedback shift registers, 2adic span, and combiners with memory
 Journal of Cryptology
, 1997
"... Feedback shift registers with carry operation (FCSR’s) are described, implemented, and analyzed with respect to memory requirements, initial loading, period, and distributional properties of their output sequences. Many parallels with the theory of linear feedback shift registers (LFSR’s) are presen ..."
Abstract

Cited by 50 (7 self)
 Add to MetaCart
Feedback shift registers with carry operation (FCSR’s) are described, implemented, and analyzed with respect to memory requirements, initial loading, period, and distributional properties of their output sequences. Many parallels with the theory of linear feedback shift registers (LFSR’s) are presented, including a synthesis algorithm (analogous to the BerlekampMassey algorithm for LFSR’s) which, for any pseudorandom sequence, constructs the smallest FCSR which will generate the sequence. These techniques are used to attack the summation cipher. This analysis gives a unified approach to the study of pseudorandom sequences, arithmetic codes, combiners with memory, and the MarsagliaZaman random number generator. Possible variations on the FCSR architecture are indicated at the end. Index Terms – Binary sequence, shift register, stream cipher, combiner with memory, cryptanalysis, 2adic numbers, arithmetic code, 1/q sequence, linear span. 1
BDDbased cryptanalysis of keystream generators
 Advances in Cryptology – EUROCRYPT’02, LNCS 1462
, 2002
"... Abstract. Many of the keystream generators which are used in practice are LFSRbased in the sense that they produce the keystream according to a rule y = C(L(x)), where L(x) denotes an internal linear bitstream, produced by a small number of parallel linear feedback shift registers (LFSRs), and C de ..."
Abstract

Cited by 22 (1 self)
 Add to MetaCart
Abstract. Many of the keystream generators which are used in practice are LFSRbased in the sense that they produce the keystream according to a rule y = C(L(x)), where L(x) denotes an internal linear bitstream, produced by a small number of parallel linear feedback shift registers (LFSRs), and C denotes some nonlinear compression function. We present an n O(1) 2 (1−α)/(1+α)n time bounded attack, the FBDDattack, against LFSRbased generators, which computes the secret initial state x ∈ {0, 1} n from cn consecutive keystream bits, where α denotes the rate of information, which C reveals about the internal bitstream, and c denotes some small constant. The algorithm uses Free Binary Decision Diagrams (FBDDs), a data structure for minimizing and manipulating Boolean functions. The FBDDattack yields better bounds on the effective key length for several keystream generators of practical use, so a 0.656n bound for the selfshrinking generator, a 0.6403n bound for the A5/1 generator, used in the GSM standard, a 0.6n bound for the E0 encryption standard in the one level mode, and a 0.8823n bound for the twolevel E0 generator used in the Bluetooth wireless LAN system. 1
Crosscorrelations of linearly and quadratically related geometric
 DISCRETE APPLIED MATHEMATICS
, 1993
"... In this paper we study the crosscorrelation function values of geometric sequences obtained from qary msequences whose underlying msequences are linearly or quadratically related. These values are determined by counting the points of intersection of pairs of hyperplanes or of hyperplanes and qua ..."
Abstract

Cited by 20 (8 self)
 Add to MetaCart
In this paper we study the crosscorrelation function values of geometric sequences obtained from qary msequences whose underlying msequences are linearly or quadratically related. These values are determined by counting the points of intersection of pairs of hyperplanes or of hyperplanes and quadric hypersurfaces of a finite geometry. The results are applied to obtain the crosscorrelations of msequences and GMW sequences with different primitive polynomials.
Random Number Generators for Parallel Applications
 in Monte Carlo Methods in Chemical Physics
, 1998
"... this article is devoted, because these com1 putations require the highest quality of random numbers. The ability to do a multidimensional integral relies on properties of uniformity of ntuples of random numbers and/or the equivalent property that random numbers be uncorrelated. The quality aspect i ..."
Abstract

Cited by 17 (7 self)
 Add to MetaCart
this article is devoted, because these com1 putations require the highest quality of random numbers. The ability to do a multidimensional integral relies on properties of uniformity of ntuples of random numbers and/or the equivalent property that random numbers be uncorrelated. The quality aspect in the other uses is normally less important simply because the models are usually not all that precisely specified. The largest uncertainties are typically due more to approximations arising in the formulation of the model than those caused by lack of randomness in the random number generator. In contrast, the first class of applications can require very precise solutions. Increasingly, computers are being used to solve very welldefined but hard mathematical problems. For example, as Dirac [1] observed in 1929, the physical laws necessary for the mathematical theory of a large part of physics and the whole of chemistry are completely known and it is only necessary to find precise methods for solving the equations for complex systems. In the intervening years fast computers and new computational methods have come into existence. In quantum chemistry, physical properties must be calculated to "chemical accuracy" (say 0.001 Rydbergs) to be relevant to physical properties. This often requires a relative accuracy of 10
Lecture Notes on Cryptography
, 2001
"... This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptography taught at MIT by Shafi Goldwasser and Mihir Bellare in the summers of 1996–2001. The notes were formed by merging notes written for Shafi Goldwasser’s Cryptography and Cryptanalysis course at MI ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
This is a set of lecture notes on cryptography compiled for 6.87s, a one week long course on cryptography taught at MIT by Shafi Goldwasser and Mihir Bellare in the summers of 1996–2001. The notes were formed by merging notes written for Shafi Goldwasser’s Cryptography and Cryptanalysis course at MIT with notes written for Mihir Bellare’s Cryptography and network security course at UCSD. In addition, Rosario Gennaro (as Teaching Assistant for the course in 1996) contributed Section 9.6, Section 11.4, Section 11.5, and Appendix D to the notes, and also compiled, from various sources, some of the problems in Appendix E. Cryptography is of course a vast subject. The thread followed by these notes is to develop and explain the notion of provable security and its usage for the design of secure protocols. Much of the material in Chapters 2, 3 and 7 is a result of scribe notes, originally taken by MIT graduate students who attended Professor Goldwasser’s Cryptography and Cryptanalysis course over the years, and later edited by Frank D’Ippolito who was a teaching assistant for the course in 1991. Frank also contributed much of the advanced number theoretic material in the Appendix. Some of the material in Chapter 3 is from the chapter on Cryptography, by R. Rivest, in the Handbook of Theoretical Computer Science. Chapters 4, 5, 6, 8 and 10, and Sections 9.5 and 7.4.6, were written by Professor Bellare for his Cryptography and network security course at UCSD.
Cascaded GMW Sequences
, 2002
"... Pseudorandom binary sequences with high linear complexity and low correlation function values are sought in many applications of modern communication systems. ..."
Abstract

Cited by 16 (4 self)
 Add to MetaCart
Pseudorandom binary sequences with high linear complexity and low correlation function values are sought in many applications of modern communication systems.
Improved Cryptanalysis of the SelfShrinking Generator
 Proc. ACISP ’01, volume 2119 of LNCS
, 2001
"... . We propose a new attack on the selfshrinking generator [8]. ..."
Abstract

Cited by 14 (4 self)
 Add to MetaCart
. We propose a new attack on the selfshrinking generator [8].
Feedback Registers Based on Ramified Extensions of the 2Adic Numbers (Extended Abstract)
 Advances in Cryptology  Eurocrypt 1994. Lecture Notes in Computer Science 718
, 1995
"... A new class of feedback register, based on ramified extensions of the 2adic numbers, is described. An algebraic framework for the analysis of these registers and the sequences they output is given. This framework parallels that of linear feedback shift registers. As one consequence of this, a metho ..."
Abstract

Cited by 12 (4 self)
 Add to MetaCart
A new class of feedback register, based on ramified extensions of the 2adic numbers, is described. An algebraic framework for the analysis of these registers and the sequences they output is given. This framework parallels that of linear feedback shift registers. As one consequence of this, a method for cracking summation ciphers is given. These registers give rise to new measures of cryptologic security.
The Vulnerability of Geometric Sequences Based on Fields of Odd Characteristic
"... A new method of cryptologic attack on binary sequences is given, using their linear complexities relative to odd prime numbers. We show that, relative to a particular prime number p, the linear complexity of a binary geometric sequences is low. It is also shown that the prime p, can be determined ..."
Abstract

Cited by 11 (4 self)
 Add to MetaCart
A new method of cryptologic attack on binary sequences is given, using their linear complexities relative to odd prime numbers. We show that, relative to a particular prime number p, the linear complexity of a binary geometric sequences is low. It is also shown that the prime p, can be determined with high probability by a randomized algorithm if a number of bits much smaller than the linear complexity is known. This determination is made by exploiting the imbalance in the number of zeros and ones in the sequences in question, and uses a new statistical measure, the partial imbalance.
Bidirectional Huffman Coding
, 1989
"... Under what conditions can Huffman codes be efficiently decoded in both directions? The usual decoding procedure works also for backward decoding only if the code has the affix property, i.e., both prefix and suffix properties. Some affix Huffman codes are exhibited, and necessary conditions for the ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
Under what conditions can Huffman codes be efficiently decoded in both directions? The usual decoding procedure works also for backward decoding only if the code has the affix property, i.e., both prefix and suffix properties. Some affix Huffman codes are exhibited, and necessary conditions for the existence of such codes are given. An algorithm is presented which, for a given set of codeword lengths, constructs an affix code, if there exists one. Since for many distributions there is no affix code giving the same compression as the Huffman code, a new algorithm for backward decoding of nonaffix Huffman codes is presented, and its worst case complexity is proved to be linear in the length of the encoded text. 1. Introduction For a given sequence of n weights w 1 ; : : : ; wn , with w i ? 0, Huffman's wellknown algorithm [9] constructs an optimum prefix code. We use throughout the term `code' as abbreviation for `set of codewords'. In a prefix code no codeword is the prefix of any o...