A faster cryptanalysis of the self-shrinking generator
ACISP '96 Proceedings of the First Australasian Conference on Information Security and Privacy
Improved Cryptanalysis of the Self-Shrinking Generator
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
BDD-Based Cryptanalysis of Keystream Generators
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
The Shrinking Generator: Some Practical Considerations
Fast Software Encryption, Cambridge Security Workshop
A new efficient algorithm for computing Gröbner bases without reduction to zero (F5)
Proceedings of the 2002 international symposium on Symbolic and algebraic computation
Algorithms for solving linear and polynomial systems of equations over finite fields, with applications to cryptanalysis
Efficient algorithms for solving overdefined systems of multivariate polynomial equations
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
New guess-and-determine attack on the self-shrinking generator
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Two New Attacks on the Self-Shrinking Generator
IEEE Transactions on Information Theory
The Self-Shrinking Generator (SSG) was proposed by Meier and Staffelbach at Eurocrypt '94. Two similar guess-and-determine attacks were independently proposed by Hell-Johansson and Zhang-Feng in 2006, and give the best time/data tradeoff on this cipher so far. These attacks do not depend on the Hamming weight of the feedback polynomial (defining the LFSR in SSG).

In this paper we propose a new attack strategy against SSG, for the case where the Hamming weight is at most 5. For this case we obtain a better tradeoff than all previously known attacks (including Hell-Johansson and Zhang-Feng). Our main idea consists in guessing some information about the internal bitstream of the SSG, and expressing this information by a system of polynomial equations in the still unknown key bits. From a practical point of view, we show that using a SAT solver, such as MiniSAT, is the best way of solving this polynomial system.

Since Meier and Staffelbach's original paper, avoiding low Hamming weight feedback polynomials has been a widely believed principle. However, this rule did not materialize in the recent previous attacks. With the new attacks described in this paper, we show explicitly that this principle remains true.