The alternating step generator is a well-known keystream generator consisting of two stop/go clocked LFSRs, LFSR1 and LFSR2, whose clocks are controlled by another LFSR, LFSR3, which is clocked regularly. A probabilistic analysis of this generator is conducted which shows that the posterior probabilities of individual bits of the first derivatives of the regularly clocked LFSR1 and LFSR2 sequences, when conditioned on a given segment of the first derivative of the keystream sequence, can be computed efficiently in a number of probabilistic models of interest. The expected values of these probabilities, for a random keystream sequence, are derived by an approximate theoretical analysis and are also verified by systematic computer experiments. It is pointed out that these posterior probabilities can be enhanced in a resynchronization scenario and thus used for a low-complexity fast correlation attack on the two LFSRs. More generally, it is argued that even without resynchronization these probabilities may differ from one half significantly enough for fast correlation attacks based on iterative decoding algorithms to be successful, although with increased complexity. A related method for computing the posterior probabilities of individual bits of the LFSR3 sequence, when conditioned on both the keystream sequence and the LFSR1 and LFSR2 sequences, is also developed. As these posterior probabilities are much further from one half, they can be used for a low-complexity fast correlation attack on LFSR3, provided that the initial states of LFSR1 and LFSR2 have previously been reconstructed.
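As an added illustration (not code from the paper), a toy alternating step generator in Python that checks the structural fact behind the posterior-probability analysis described above: because only one of LFSR1 and LFSR2 is stepped per keystream bit, each bit of the keystream's first derivative is exactly a first-derivative bit of the regularly clocked sequence of whichever register was stepped, with only its position unknown. The feedback taps and initial states used here are constructed assumptions, not values from the paper.

```python
def lfsr_stream(state, taps, n):
    """Regularly clocked Fibonacci LFSR. 'state' lists bits oldest first;
    the feedback bit is the XOR of state[t] for t in 'taps'. Returns n bits."""
    state = list(state)
    out = []
    for _ in range(n):
        out.append(state[0])
        fb = sum(state[t] for t in taps) & 1
        state = state[1:] + [fb]
    return out

def asg_keystream(x, y, c):
    """ASG from three regularly clocked sequences x (LFSR1), y (LFSR2), c (LFSR3).
    At step t, LFSR1 advances if c[t] == 1, otherwise LFSR2 advances; the keystream
    bit is the XOR of the two current bits. Also returns the (i, j) positions used."""
    i = j = 0
    z, pos = [], []
    for t in range(len(c)):
        if c[t]:
            i += 1
        else:
            j += 1
        z.append(x[i] ^ y[j])
        pos.append((i, j))
    return z, pos

def derivative(bits):
    """First derivative: d[k] = bits[k+1] XOR bits[k]."""
    return [bits[k + 1] ^ bits[k] for k in range(len(bits) - 1)]

def check_derivative_identity(x, y, c):
    """Verify dz[t-1] == dx[i-1] when LFSR1 was stepped at t, else dy[j-1]:
    between consecutive keystream bits only one XORed term changes, so the
    other cancels and the keystream derivative exposes a register derivative bit."""
    z, pos = asg_keystream(x, y, c)
    dz, dx, dy = derivative(z), derivative(x), derivative(y)
    for t in range(1, len(c)):
        i, j = pos[t]
        expected = dx[i - 1] if c[t] else dy[j - 1]
        if dz[t - 1] != expected:
            return False
    return True

def demo(n=200):
    # Constructed toy instance: LFSR1 x^5+x^2+1, LFSR2 x^4+x+1, LFSR3 x^3+x+1.
    x = lfsr_stream([1, 0, 0, 1, 1], [0, 2], n + 1)
    y = lfsr_stream([1, 0, 1, 1], [0, 1], n + 1)
    c = lfsr_stream([1, 0, 0], [0, 1], n)
    return check_derivative_identity(x, y, c)
```

Calling `demo()` returns True for the constructed instance; an attacker-side analysis then has to infer which register each derivative bit belongs to, which is the probabilistic step the abstract describes.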