CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
A faster cryptanalysis of the self-shrinking generator
ACISP '96 Proceedings of the First Australasian Conference on Information Security and Privacy
A Probabilistic Correlation Attack on the Shrinking Generator
ACISP '98 Proceedings of the Third Australasian Conference on Information Security and Privacy
Improved Cryptanalysis of the Self-Shrinking Generator
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Correlation Analysis of the Shrinking Generator
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
An Improved Linear Syndrome Algorithm in Cryptanalysis With Applications
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
BDD-Based Cryptanalysis of Keystream Generators
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
On the importance of checking cryptographic protocols for faults
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
On the efficiency of the clock control guessing attack
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Predicting the shrinking generator with fixed connections
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Fault cryptanalysis and the shrinking generator
WEA'06 Proceedings of the 5th international conference on Experimental Algorithms
Synchronization fault cryptanalysis for breaking a5/1
WEA'05 Proceedings of the 4th international conference on Experimental and Efficient Algorithms
Hi-index | 0.00 |
We concern security of shrinking generator against fault attacks. While this pseudorandom bitstream generator is cryptographically strong and well suited for hardware implementations, especially for cheap artefacts, we show that using it for the devices that are not fault resistant is risky. That is, even if a device concerned is tamper-proof, generating random faults and analyzing the results may reveal secret keys stored inside the device. For the attack we flip a random bit and observe propagation of errors. The attack uses peculiar properties of the shrinking generator and presents a new kind of threats for designs based on combining weaker generators. In particular, it indicates that potentially all designs based on combining LFSR generators might be practically weak due to slow propagation of errors in a single LFSR.