Some attacks on the bit-search generator

  • Authors:
  • Martin Hell;Thomas Johansson

  • Affiliations:
  • Dept. of Information Technology, Lund University, Lund, Sweden;Dept. of Information Technology, Lund University, Lund, Sweden

  • Venue:
  • FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
  • Year:
  • 2005

Quantified Score

Hi-index 0.00

Visualization

Abstract

The bit-search generator (BSG) was proposed in 2004 and can be seen as a variant of the shrinking and self-shrinking generators. It has the advantage that it works at rate 1/3 using only one LFSR and some selection logic. We present various attacks on the BSG based on the fact that the output sequence can be uniquely defined by the differential of the input sequence. By knowing only a small part of the output sequence we can reconstruct the key with complexity O(L320.5 L). This complexity can be significantly reduced in a data/time tradeoff manner to achieve a complexity of O(L320.27 L) if we have O(20.27 L) of keystream. We also propose a distinguishing attack that can be very efficient if the feedback polynomial is not carefully chosen.