Embedding and Probabilistic Correlation Attacks on Clock-Controlled Shift Registers

Embedding and probabilistic correlation attacks on clock-controlled shift registers that are clocked at least once per output symbol are deened in general and are analyzed in the unconstrained case, with an arbitrary number of deletions at a time, and in the constrained case, with at most d deletions at a time. It is proved that the unconstrained embedding attack is successful if and only if the deletion rate is smaller than one half and if the length of the observed keystream sequence is greater than a value linear in the shift register length r. It is shown how to compute recursively the joint probability which is a basis for the unconstrained probabilistic attack with independent deletions. The eeciency of the attack is characterized in terms of the capacity of the corresponding communication channel with independent deletions and it is concluded that the probabilistic attack is successful for any deletion rate smaller than one if the given keystream sequence is suuciently long, also linearly in r. It is proved that the constrained embedding attack is successful for any d and the minimum necessary length of the known output sequence is shown to be linear in r, and at least exponential and at most superexponential in d. This demonstrates that making d large can not ensure the theoretical security against the attack, but can considerably improve the practical security.