This paper investigates two new design rules for nonlinear combining functions in stream ciphers. It is shown that high nonlinearity and high-order correlation immunity in a combining function are still not enough to prevent the divide-and-conquer attack and the best affine approximation (BAA) attack, since the autocorrelation function of the combining function may also leak much more information about the input of the combining function. To measure the strength of nonlinear combining functions, the notion of maximum autocorrelation is introduced, which is based on the correlation between linear functions of the input and the autocorrelation function of a combining function. The relationship between the maximum autocorrelation coefficient and the mutual information of the autocorrelation function of the combining function is discussed. Moreover, an upper bound on the maximum autocorrelation coefficient is presented using the Walsh transform.
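The following sketch is an added example, not code or notation from the paper. It evaluates a constructed 4-input combiner that is balanced, first-order correlation immune and of nonlinearity 4, and shows that its derivative f(x) XOR f(x XOR a) is nevertheless perfectly correlated with a linear function of the input. The function `max_derivative_correlation` is an assumed reading of the abstract's "maximum autocorrelation"; the paper's exact definition is not given on this page.

```python
# Added example. A truth table is a list indexed by the integer x whose
# bit i is input variable x_{i+1}.

def walsh(tt):
    """Walsh spectrum W(w) = sum_x (-1)^(f(x) XOR w.x), via fast transform."""
    w = [1 - 2 * b for b in tt]
    h = 1
    while h < len(w):
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w

def nonlinearity(tt):
    """Hamming distance from f to the nearest affine function."""
    return len(tt) // 2 - max(abs(v) for v in walsh(tt)) // 2

def correlation_immunity(tt):
    """Largest m such that W(w) = 0 for every w with 1 <= wt(w) <= m."""
    spec = walsh(tt)
    n = len(tt).bit_length() - 1
    for m in range(1, n + 1):
        if any(spec[w] for w in range(1, len(tt)) if bin(w).count("1") == m):
            return m - 1
    return n

def derivative(tt, a):
    """Truth table of D_a f(x) = f(x) XOR f(x XOR a)."""
    return [tt[x] ^ tt[x ^ a] for x in range(len(tt))]

def max_derivative_correlation(tt):
    """ASSUMED measure: max over a != 0 and w of |corr(D_a f, w.x)|.
    Returns (correlation, a, w) for a maximising pair."""
    best = (0.0, 0, 0)
    for a in range(1, len(tt)):
        for w, v in enumerate(walsh(derivative(tt, a))):
            best = max(best, (abs(v) / len(tt), a, w))
    return best

# Constructed combiner: f = x1 XOR x2 XOR (x3 AND x4)
F = [(x & 1) ^ ((x >> 1) & 1) ^ (((x >> 2) & 1) & ((x >> 3) & 1))
     for x in range(16)]

if __name__ == "__main__":
    print("nonlinearity:", nonlinearity(F))
    print("correlation immunity order:", correlation_immunity(F))
    print("max derivative correlation (corr, a, w):",
          max_derivative_correlation(F))
```

For this combiner the derivative in direction a = 4 (flipping x3) equals x4 exactly, so the classical criteria look acceptable while the derivative reveals an input bit.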