Introduction to finite fields and their applications
Introduction to finite fields and their applications
Fast correlation attacks on certain stream ciphers
Journal of Cryptology
The Design and Analysis of Computer Algorithms
The Design and Analysis of Computer Algorithms
SAC '00 Proceedings of the 7th Annual International Workshop on Selected Areas in Cryptography
BDD-Based Cryptanalysis of Keystream Generators
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers
ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Algebraic attacks on stream ciphers with linear feedback
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Sequences, DFT and Resistance against Fast Algebraic Attacks
SETA '08 Proceedings of the 5th international conference on Sequences and Their Applications
Efficient computation of algebraic immunity for algebraic and fast algebraic attacks
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Attack based on direct sum decomposition against the nonlinear filter generator
AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Cryptanalysis of WG-7: a lightweight stream cipher
Cryptography and Communications
| Hi-index | 0.00 |
Algebraic attacks have established themselves as a powerful method for the cryptanalysis of LFSR-based keystream generators (e.g., E0 used in Bluetooth). The attack is based on solving an overdetermined system of low-degree equations Rt=0, where Rtis an expression in the state of the LFSRs at clock t and one or several successive keystream bits zt,...,zt+δ. In fast algebraic attacks, new equations of a lower degree are constructed in a precomputation step. This is done by computing appropriate linear combinations of T successive initial equations Rt=0. The successive data complexity of the attack is the number T of successive equations. We propose a new variant of fast algebraic attacks where the same approach is employed to eliminate some unknowns, making a divide-and-conquer attack possible. In some cases, our variant is applicable whereas the first one is not. Both variants can have a high successive data complexity (e.g., T≥ 8.822.188 for E0). We describe how to keep it to a minimum and introduce suitable efficient algorithms for the precomputation step.