New Guess-and-Determine Attack on the Self-Shrinking Generator

We propose a new type of guess-and-determine attack on the self-shrinking generator (SSG). The inherent flexibility of the new attack lets it handle different attack conditions and requirements smoothly. For an SSG built on a length-L LFSR of arbitrary form, our attack reliably restores the initial state with time complexity O(2^{0.556L}) and memory complexity O(L^2) from O(2^{0.161L}) bits of keystream for L ≥ 100, and with time complexity O(2^{0.571L}) and memory complexity O(L^2) from O(2^{0.194L}) bits of keystream for L < 100. Our attack therefore improves on all previously known attacks on the SSG and, in particular, compares favorably with the time/memory/data tradeoff attack, which typically has time complexity O(2^{0.5L}), memory complexity O(2^{0.5L}) and data complexity O(2^{0.25L}) bits of keystream after a precomputation phase of complexity O(2^{0.75L}). One of the open research problems in stream ciphers listed by the European STORK (Strategic Roadmap for Crypto) project is to find an attack on the self-shrinking generator with complexity lower than that of a generic time/memory/data tradeoff attack; our result is the best answer to this problem known so far.
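To make the attack model concrete, here is an added example (not code from the paper, and not the paper's new attack): a small self-shrinking generator following the Meier-Staffelbach rule, driven by an LFSR of length L = 16 with a constructed feedback polynomial, together with the basic guess-and-determine attack that the figures above should be read against. For each LFSR output pair (a_{2i}, a_{2i+1}) the attacker guesses whether the pair was discarded (a_{2i} = 0) or emitted (a_{2i} = 1 and a_{2i+1} = z_j for the next unexplained keystream bit). Because the LFSR is linear, every guess is a linear equation in the initial state; once the equations reach rank L the candidate state is solved over GF(2) and checked against the whole observed keystream. The register length, the taps, the secret state SECRET and all function names are constructed for this demo.

```python
"""Self-shrinking generator and a baseline guess-and-determine attack.

Added example, not code from the paper: it implements the self-shrinking
rule of Meier and Staffelbach and the simple pattern-guessing attack
(guess per LFSR output pair whether it is discarded or emitted, collect
linear equations in the initial state, solve over GF(2), verify).
L, TAPS and SECRET are constructed for the demo.
"""
from functools import reduce
from operator import xor

L = 16
# a_n = a_{n-2} ^ a_{n-3} ^ a_{n-5} ^ a_{n-16}: feedback polynomial
# x^16 + x^14 + x^13 + x^11 + 1 (primitive; a constructed choice)
TAPS = (2, 3, 5, 16)
SECRET = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]  # demo key, a_0 = 1
CONFLICT = object()


def lfsr_bits(state, n):
    """First n bits a_0..a_{n-1} of the LFSR sequence seeded with a_0..a_{L-1}."""
    a = list(state)
    while len(a) < n:
        a.append(reduce(xor, (a[-t] for t in TAPS)))
    return a[:n]


def ssg_keystream(state, nbits, max_pairs=None):
    """Self-shrinking rule: pair (a_{2i}, a_{2i+1}) emits a_{2i+1} iff a_{2i} == 1.
    Looks at no more than max_pairs pairs, so it always terminates."""
    if not any(state):
        raise ValueError("all-zero state never emits")
    if max_pairs is None:
        max_pairs = 4 * nbits + 2 * L  # about 2 pairs per output bit on average
    a = lfsr_bits(state, 2 * max_pairs)
    out = []
    for i in range(max_pairs):
        if a[2 * i]:
            out.append(a[2 * i + 1])
            if len(out) == nbits:
                break
    return out


def lfsr_coefficients(n):
    """coef[k] is a bitmask over the L initial bits with a_k = XOR of those bits."""
    coef = [1 << k for k in range(L)]
    while len(coef) < n:
        coef.append(reduce(xor, (coef[-t] for t in TAPS)))
    return coef


def add_equation(basis, v, r):
    """Insert <v, x> = r over GF(2) into an echelon basis keyed by pivot bit.
    Returns True (rank grew), False (redundant) or CONFLICT (inconsistent)."""
    while v:
        p = v.bit_length() - 1
        if p not in basis:
            basis[p] = (v, r)
            return True
        bv, br = basis[p]
        v, r = v ^ bv, r ^ br
    return CONFLICT if r else False


def solve(basis):
    """Back-substitute a full-rank basis (pivots 0..L-1) into the state bits."""
    x = [0] * L
    for p in range(L):
        v, r = basis[p]
        for q in range(p):
            if (v >> q) & 1:
                r ^= x[q]
        x[p] = r
    return x


def guess_and_determine(z):
    """Recover an initial state that reproduces keystream z.
    Returns (state or None, number of full-rank candidates tested)."""
    coef = lfsr_coefficients(4 * len(z) + 2 * L)
    tried = 0

    def dfs(i, j, basis):          # i: next LFSR pair, j: next unexplained z bit
        nonlocal tried
        if len(basis) == L:
            tried += 1
            cand = solve(basis)
            if any(cand) and ssg_keystream(cand, len(z)) == z:
                return cand
            return None
        if 2 * i + 1 >= len(coef):
            return None
        for keep in (1, 0):
            if keep and j >= len(z):
                continue           # no keystream bit left to explain an emitted pair
            b = dict(basis)
            eqs = [(coef[2 * i], keep)]              # a_{2i} = 0 (discard) or 1 (keep)
            if keep:
                eqs.append((coef[2 * i + 1], z[j]))  # emitted bit must equal z_j
            if any(add_equation(b, v, r) is CONFLICT for v, r in eqs):
                continue           # guesses contradict earlier ones: prune
            found = dfs(i + 1, j + keep, b)
            if found is not None:
                return found
        return None

    return dfs(0, 0, {}), tried


if __name__ == "__main__":
    z = ssg_keystream(SECRET, 3 * L)   # attacker sees 3L keystream bits
    state, tried = guess_and_determine(z)
    print("recovered:", state, "candidates tested:", tried, "correct:", state == SECRET)
```

A "discard" guess contributes one equation and a "keep" guess two, so, ignoring linear dependencies, the number of full-rank candidates visited satisfies N(n) = N(n-1) + N(n-2) in the number n of equations still needed and grows like φ^L ≈ 2^{0.694L}; that is the baseline guess-and-determine cost, and the paper's O(2^{0.556L}) figure is an improvement on it by a different method than the one shown here. Two practical caveats: the verification step is what rejects wrong full-rank candidates, so the attacker needs a few L keystream bits beyond those consumed by the guesses; and if the true state's first pair is discarded, the state two positions later produces the identical keystream, so any attack recovers the state only up to that equivalence, which is all that is needed to predict the rest of the keystream.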
