Cryptanalysis of the knapsack generator
FSE'11 Proceedings of the 18th international conference on Fast software encryption
We consider the subset sum pseudorandom generator, introduced by Rueppel and Massey in 1985 and given by a linearly recurrent bit sequence $u_0, u_1, \ldots$ of order $n$ over $\mathbb{Z}_2$, and weights $w = (w_0, \ldots, w_{n-1}) \in R^n$ for some ring $R$. The rings $R = \mathbb{Z}_m$ are of particular interest. The $i$th value produced by this generator is $\sum_{0 \le j < n} u_{i+j} w_j$. It is also recommended to discard about $\log n$ least significant bits of the result before using this sequence. We present several attacks on this generator (with and without the truncation), some of which are rigorously proven while others are heuristic. They work when one “half” of the secret is given, either the control sequence $u_j$ or the weights $w_j$. Our attacks do not mean that the generator is insecure, but that one has to be careful in evaluating its security parameters.
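As an added illustration (not code from the paper or this page), the generator described in the abstract in Python: a linear recurrence of order $n$ over $\mathbb{Z}_2$ supplies the control bits $u_i$, the weights are taken in $\mathbb{Z}_m$, and $\lfloor \log_2 n \rfloor$ least significant bits of each subset sum are discarded. The feedback taps, initial state, weights and modulus below are constructed sample values, not parameters from the paper.

```python
from typing import List


def lfsr_bits(state: List[int], taps: List[int], count: int) -> List[int]:
    """Produce the first `count` bits u_0, u_1, ... of a linear recurrence
    of order n = len(state) over Z_2.

    `state` holds u_0..u_{n-1}; `taps` lists the offsets j such that
    u_{i+n} = XOR of u_{i+j} over j in taps (the feedback polynomial is a
    constructed assumption, not one prescribed by the page).
    """
    n = len(state)
    bits = list(state)
    while len(bits) < count:
        i = len(bits) - n
        bits.append(sum(bits[i + j] for j in taps) & 1)
    return bits


def subset_sum_generator(u: List[int], w: List[int], m: int,
                         truncate: bool = True) -> List[int]:
    """Subset sum (knapsack) generator over Z_m.

    The i-th output is sum_{0 <= j < n} u_{i+j} * w_j mod m; with
    `truncate` set, floor(log2 n) least significant bits are discarded,
    the truncation the abstract recommends (we fix "about log n" to
    floor(log2 n) as a constructed choice).
    """
    n = len(w)
    dropped = n.bit_length() - 1 if truncate else 0  # floor(log2 n)
    out = []
    for i in range(len(u) - n + 1):
        v = sum(u[i + j] * w[j] for j in range(n)) % m
        out.append(v >> dropped)
    return out


if __name__ == "__main__":
    # Constructed sample parameters: order-4 recurrence u_{i+4} = u_i ^ u_{i+1},
    # weights in Z_256. Both halves of the secret (u and w) are shown here only
    # so the reader can follow the arithmetic.
    u = lfsr_bits([1, 0, 0, 1], [0, 1], 7)
    w = [37, 200, 91, 150]
    print(subset_sum_generator(u, w, 256, truncate=False))  # [187, 241, 35, 131]
    print(subset_sum_generator(u, w, 256))                  # [46, 60, 8, 32]
```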