Computing the biases of parity-check relations

A divide-and-conquer cryptanalysis can often be mounted against some keystream generators composed of several (nonlinear) independent devices combined by a Boolean function. In particular, any parity-check relation derived from the periods of some constituent sequences usually leads to a distinguishing attack whose complexity is determined by the bias of the relation. However, estimating this bias is a difficult problem since the piling-up lemma cannot be used. Here, we give two exact expressions for this bias. Most notably, these expressions lead to a new algorithm for computing the bias of a parity-check relation, and they also provide some simple formulae for this bias in some particular cases which are commonly used in cryptography.
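The gap between the piling-up estimate and the exact bias can be seen on a toy combiner; the following is an added example, not code from the paper. It assumes a keystream s(t) = f(x1(t), ..., xn(t)) with uniform, independent inputs, a parity check pc(t) = s(t) + s(t+T1) + s(t+T2) + s(t+T1+T2) built from the periods T1, T2 of x1 and x2, and the correlation convention E[(-1)^pc] = 2 Pr[pc = 0] - 1 for the bias. The combiner `maj` and all function names are constructed for illustration.

```python
from itertools import product

BITS = (0, 1)

def maj(x):
    """Constructed example combiner: majority of three bits."""
    x1, x2, x3 = x
    return (x1 & x2) ^ (x1 & x3) ^ (x2 & x3)

def partial_corr(f, n, a, b):
    """E[(-1)^f(a, b, y)] over uniform y in {0,1}^(n-2)."""
    total = sum((-1) ** f((a, b) + y) for y in product(BITS, repeat=n - 2))
    return total / 2 ** (n - 2)

def exact_pc_correlation(f, n):
    """Exact E[(-1)^pc] under the assumed uniform, independent input model."""
    F = {(a, b): partial_corr(f, n, a, b) for a in BITS for b in BITS}
    # x1 is unchanged by a shift of T1 and x2 by a shift of T2, so the four
    # terms share only two values of x1 (a, a2) and two values of x2 (b, b2).
    total = sum(F[a, b] * F[a, b2] * F[a2, b] * F[a2, b2]
                for a, a2, b, b2 in product(BITS, repeat=4))
    return total / 16

def piling_up_estimate(f, n):
    """Correlation of f with x1 + x2, raised to the power 4 as if the four
    terms of the parity check were independent."""
    c = sum((-1) ** (f(x) ^ x[0] ^ x[1]) for x in product(BITS, repeat=n))
    return (c / 2 ** n) ** 4

def brute_force_pc_correlation(f, n):
    """Cross-check: enumerate every input bit entering the four terms."""
    m = n - 2  # variables whose periods are not used get fresh values per term
    total = 0
    for bits in product(BITS, repeat=4 + 4 * m):
        a, a2, b, b2 = bits[:4]
        y = [bits[4 + i * m: 4 + (i + 1) * m] for i in range(4)]
        pc = (f((a, b) + y[0]) ^ f((a, b2) + y[1])
              ^ f((a2, b) + y[2]) ^ f((a2, b2) + y[3]))
        total += (-1) ** pc
    return total / 2 ** (4 + 4 * m)

if __name__ == "__main__":
    print("piling-up estimate:", piling_up_estimate(maj, 3))
    print("exact correlation :", exact_pc_correlation(maj, 3))
    print("brute-force check :", brute_force_pc_correlation(maj, 3))
```

For `maj` the two values differ because the four terms of the parity check reuse the same values of x1 and x2, so they are not independent.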
