Linear Cryptanalysis of Stream Ciphers

Starting from recent results on a linear statistical weakness of keystream generators and on linear correlation properties of combiners with memory, linear cryptanalysis of stream ciphers based on the linear sequential circuit approximation of finite-state machines is introduced as a general method for assessing the strength of stream ciphers. The statistical weakness can be used to reduce the uncertainty of unknown plaintext and also to reconstruct the unknown structure of a keystream generator, regardless of the initial state. The linear correlations in arbitrary keystream generators can be used for divide-and-conquer correlation attacks on the initial state based on known plaintext or ciphertext only. Linear cryptanalysis of irregularly clocked shift registers as well as of arbitrary shift-register-based binary keystream generators proves to be feasible. In particular, the direct stream cipher mode of block ciphers, the basic summation generator, the shrinking generator, the clock-controlled cascade generator, and the modified linear congruential generators are analyzed. It generally appears that simple shift-register-based keystream generators are potentially vulnerable to linear cryptanalysis. A proposal of a novel, simple and secure keystream generator is also presented.
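An added example, not code from the paper: two LFSRs combined by the basic summation generator, the linear sequential circuit approximation of its carry (the nonlinear majority replaced by "carry unchanged", which agrees with it 3 times in 4), and the correlation that remains once the second register's own recurrence is used to cancel its terms, leaving a relation between the keystream and one register alone. LFSR lengths, feedback taps, seeds and the sample size are constructed assumptions for the demonstration.

```python
# Added example, not from the paper: the basic summation generator
# (two LFSRs combined by integer addition with carry) and the linear
# correlation its linear sequential circuit approximation predicts.
# LFSR lengths, taps and seeds below are constructed for the demo.

def lfsr(seed, taps, n):
    """Fibonacci LFSR; output o_t = s[0] and o_{t+L} = XOR of o_{t+i} for i in taps."""
    s, out = list(seed), []
    for _ in range(n):
        out.append(s[0])
        fb = 0
        for i in taps:
            fb ^= s[i]
        s = s[1:] + [fb]
    return out

def summation_generator(x, y):
    """z_t = x_t + y_t + c_{t-1} mod 2, carry c_t = maj(x_t, y_t, c_{t-1})."""
    z, c = [], 0
    for a, b in zip(x, y):
        z.append(a ^ b ^ c)
        c = (a & b) | (a & c) | (b & c)
    return z

def carry_approx_rate(x, y, z):
    """Linear approximation of the carry, c_t = c_{t-1}: the relation
    z_t^z_{t-1} = x_t^x_{t-1}^y_t^y_{t-1} then holds with probability 3/4."""
    hits = sum((z[t] ^ z[t-1]) == (x[t] ^ x[t-1] ^ y[t] ^ y[t-1]) for t in range(1, len(z)))
    return hits / (len(z) - 1)

def reduced_relation_rate(x, z, y_taps, y_len):
    """Apply the y-LFSR's recurrence to the relation above so every y term cancels;
    what remains links z to the x-LFSR alone and holds with probability
    1/2 + 1/2 * (1/2)^(w+1), w = len(y_taps) (piling-up over w+1 carry errors)."""
    u = [z[t] ^ z[t-1] ^ x[t] ^ x[t-1] for t in range(1, len(z))]  # u[t-1] = u_t
    hits, total = 0, 0
    for t in range(len(u) - y_len):
        v = u[t + y_len]
        for i in y_taps:
            v ^= u[t + i]
        hits += (v == 0)
        total += 1
    return hits / total

def analyze(n=40000):
    x_taps, y_taps = [0, 1, 2, 5], [0, 3]       # x^19+x^5+x^2+x+1 and x^17+x^3+1
    x = lfsr([1 if i % 3 == 0 else 0 for i in range(19)], x_taps, n)
    y = lfsr([1 if i % 4 != 1 else 0 for i in range(17)], y_taps, n)
    z = summation_generator(x, y)
    return {"carry": carry_approx_rate(x, y, z),
            "reduced": reduced_relation_rate(x, z, y_taps, 17)}
```

The reduced relation is what makes a divide-and-conquer assessment possible: its probability sits measurably above 1/2 while involving only one register, so that register's contribution can be evaluated on its own, which is the weakness a designer wants to rule out.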
