Graph-Based Algorithms for Boolean Function Manipulation
IEEE Transactions on Computers
Modified branching programs and their computational power
Modified branching programs and their computational power
Graph driven BDDs—a new data structure for Boolean functions
Theoretical Computer Science
Shift Register Sequences
Efficient Boolean Manipulation with OBDD's Can be Extended to FBDD's
IEEE Transactions on Computers
A faster cryptanalysis of the self-shrinking generator
ACISP '96 Proceedings of the First Australasian Conference on Information Security and Privacy
Improved Cryptanalysis of the Self-Shrinking Generator
ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Cryptanalysis of the A5/1 GSM Stream Cipher
INDOCRYPT '00 Proceedings of the First International Conference on Progress in Cryptology
Real Time Cryptanalysis of A5/1 on a PC
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Cryptanalysis of alleged A5 stream cipher
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Complexity Theoretical Results on Nondeterministic Graph-Driven Read-Once Branching Programs
STACS '03 Proceedings of the 20th Annual Symposium on Theoretical Aspects of Computer Science
Information Processing Letters
Proceedings of the 3rd international conference on Mobile systems, applications, and services
Guess-and-Determine Algebraic Attack on the Self-Shrinking Generator
Fast Software Encryption
Random Fault Attack against Shrinking Generator
Algorithmic Aspects of Wireless Sensor Networks
Modified clock-controlled alternating step generators
Computer Communications
Security Analysis of a Variant of Self-Shrinking Generator
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Encryption System with Variable Number of Registers
Computers and Electrical Engineering
On the efficiency of the clock control guessing attack
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Extended BDD-based cryptanalysis of keystream generators
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Attacking Bivium using SAT solvers
SAT'08 Proceedings of the 11th international conference on Theory and applications of satisfiability testing
Modified self-shrinking generator
Computers and Electrical Engineering
Generalization of the self-shrinking generator in the galois field GF(pn)
Advances in Artificial Intelligence
De Bruijn sequences and complexity of symmetric functions
Cryptography and Communications
Cryptanalysis of the bluetooth E0 cipher ssing OBDD's
ISC'06 Proceedings of the 9th international conference on Information Security
New guess-and-determine attack on the self-shrinking generator
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
An improved correlation attack on a5/1
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Introducing a new variant of fast algebraic attacks and minimizing their successive data complexity
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Analysis of the bit-search generator and sequence compression techniques
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Some attacks on the bit-search generator
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Reducing the space complexity of BDD-Based attacks on keystream generators
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
The conditional correlation attack: a practical attack on bluetooth encryption
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
A symbolic approach to the all-pairs shortest-paths problem
WG'04 Proceedings of the 30th international conference on Graph-Theoretic Concepts in Computer Science
How to strengthen pseudo-random generators by using compression
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
New variant of the self-shrinking generator and its cryptographic properties
ICISC'06 Proceedings of the 9th international conference on Information Security and Cryptology
Analysis of trivium using compressed right hand side equations
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Solving compressed right hand side equation systems with linear absorption
SETA'12 Proceedings of the 7th international conference on Sequences and Their Applications
Some cryptanalysis of a p-ary generalized self-shrinking generator
Proceedings of the 13th International Conference on Computer Systems and Technologies
Algebraic immunity of S-boxes and augmented functions
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
| Hi-index | 0.01 |
Many of the keystream generators which are used in practice are LFSR-based in the sense that they produce the keystream according to a rule y = C(L(x)), where L(x) denotes an internal linear bitstream, produced by a small number of parallel linear feedback shift registers (LFSRs), and C denotes some nonlinear compression function. We present an nO(1)2(1-驴)/(1+驴)n time bounded attack, the FBDD-attack, against LFSR-based generators, which computes the secret initial state x 驴 {0, 1}n from cn consecutive keystream bits, where a denotes the rate of information, which C reveals about the internal bitstream, and c denotes some small constant. The algorithm uses Free Binary Decision Diagrams (FBDDs), a data structure for minimizing and manipulating Boolean functions. The FBDD-attack yields better bounds on the effective key length for several keystream generators of practical use, so a 0.656n bound for the self-shrinking generator, a 0.6403n bound for the A5/1 generator, used in the GSM standard, a 0.6n bound for the E0 encryption standard in the one level mode, and a 0.8823n bound for the two-level E0 generator used in the Bluetooth wireless LAN system.