Designers of stream ciphers have generally used ad hoc methods to build systems that are secure against known attacks. There is often a sense that this is the best that can be done, that any system will eventually fall to a practical attack. In this paper we show that there are families of keystream generators that resist all possible attacks of a very general type in which a small number of known bits of a keystream are used to synthesize a generator of the keystream (called a synthesizing algorithm). Such attacks are exemplified by the Berlekamp-Massey attack. We first formalize the notions of a family of feedback registers and of a synthesizing algorithm. We then show that for any function $h(n)$ that is in $O(2^{n/d})$ for every $d > 0$, there is a secure family $\mathcal{B}$ of periodic sequences in the sense that any efficient synthesizing algorithm outputs a register of size $h(\log(\mathrm{period}(B)))$ given the required number of bits of a sequence $B \in \mathcal{B}$ of large enough period. This result is tight in the sense it fails for any faster growing function $h(n)$. We also consider several variations on this scenario.
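The synthesizing attack named in the abstract, shown as an added example that is not taken from the paper: Berlekamp-Massey over GF(2) builds the shortest linear feedback register from a few known keystream bits, and that register then reproduces the rest of the keystream. The target generator, its taps and seed, and the function names are constructed for this illustration.

```python
from functools import reduce

def lfsr_stream(taps, seed, nbits):
    """Extend seed with s[i] = XOR of s[i-j] for j in taps (Fibonacci LFSR)."""
    s = list(seed)
    while len(s) < nbits:
        s.append(reduce(lambda acc, j: acc ^ s[-j], taps, 0))
    return s[:nbits]

def berlekamp_massey(bits):
    """Return (L, c): shortest LFSR length and connection coefficients c[0..L]."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n   # current and previous polynomials
    L, m = 0, -1                          # m = index of the last length change
    for i in range(n):
        d = bits[i]                       # discrepancy: does c predict bit i?
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t, shift = c[:], i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]      # c(x) += x^shift * b(x)
            if 2 * L <= i:                # register must grow
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def synthesize(known_bits, total):
    """Synthesizing attack: build a register from known bits, then run it."""
    L, c = berlekamp_massey(known_bits)
    taps = [j for j in range(1, L + 1) if c[j]]
    return L, taps, lfsr_stream(taps, known_bits, total)

# Constructed target: 16-stage maximal-length LFSR, period 2**16 - 1.
TAPS = (11, 13, 14, 16)
SEED = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1]   # constructed secret state

if __name__ == "__main__":
    keystream = lfsr_stream(TAPS, SEED, 1000)
    L, taps, guess = synthesize(keystream[:32], 1000)
    print("register size:", L, "taps:", taps)
    print("all 1000 bits predicted:", guess == keystream)
```

Here 32 known bits yield a 16-stage register for a sequence of period 2^16 - 1, so the synthesized register is only logarithmic in the period.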