Fast Correlation Attacks on Stream Ciphers (Extended Abstract)

A common type of running key generator employed in stream cipher systems consists of n (mostly maximum-length) binary linear feedback shift registers (LFSR's) whose output sequences are combined by a nonlinear Boolean function f. The output of several combining functions previously proposed in the literature is known to be correlated to some input variables with probabilities p up to 0.75 (this holds, e.g. for the generators of Geffe, Pless, or Bruer). These generators have been broken in [2] for LFSR-lengths k < 50 (roughly), according to the computational complexity of the attack (based on an exhaustive search over all phases of the LFSR). But also other generators, e.g. certain types of multiplexed sequence generators, are known to be correlated to LFSR-components. In fact any generator having such correlations may be vulnerable to a correlation attack.