Branching programs and binary decision diagrams: theory and applications
Branching programs and binary decision diagrams: theory and applications
BDD-Based Cryptanalysis of Keystream Generators
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
OBDD-Based Cryptanalysis of Oblivious Keystream Generators
Theory of Computing Systems
Cryptanalysis of the bluetooth E0 cipher ssing OBDD's
ISC'06 Proceedings of the 9th international conference on Information Security
Reducing the space complexity of BDD-Based attacks on keystream generators
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
Fibonacci and Galois representations of feedback-with-carry shift registers
IEEE Transactions on Information Theory
Attacking Bivium using SAT solvers
SAT'08 Proceedings of the 11th international conference on Theory and applications of satisfiability testing
De Bruijn sequences and complexity of symmetric functions
Cryptography and Communications
Analysis of trivium using compressed right hand side equations
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Solving compressed right hand side equation systems with linear absorption
SETA'12 Proceedings of the 7th international conference on Sequences and Their Applications
Hi-index | 0.00 |
The main application of stream ciphers is online-encryption of arbitrarily long data. Many practically used and intensively discussed stream ciphers consist of a small number of linear feedback shift registers (LFSRs) and a compression function that transforms the bitstreams produced by the LFSRs into the output keystream. In 2002, Krause proposed a Binary Decision Diagram (BDD) based attack on this type of ciphers, which ranges among the best generic short-keystream attacks on practically used ciphers such as the A5/1 generator used in GSM and the E0 generator from the Bluetooth standard. In this paper we show how to extend the BDD-technique to nonlinear feedback shift registers (NFSRs), feedback shift registers with carry (FCSRs), and arbitrary compression functions. We apply our findings to the eSTREAM focus ciphers TRIVIUM, Grain and F-FCSR. In the case of Grain, we obtain the first nontrivial cryptanalytic result besides generic time-memory-data tradeoffs.