Guess-and-Determine Algebraic Attack on the Self-Shrinking Generator
نویسندگان
چکیده
In this paper we propose a new guess-and-determine attack on the self-shrinking generator (SSG), proposed by Meier and Staffelbach at Eurocrypt’94. The main idea of our attack consists in guessing some information about the internal bitstream of SSG, and expressing this information by a system of polynomial equations on the still unknown key bits. From a practical point of view, we show that using a SAT solver, such as MiniSAT, is the best way of solving this polynomial system. As a result, when the Hamming weight of the feedback polynomial (defining the LFSR in SSG) is at most 5, we obtain here a new efficient and practical attack against SSG, improving the method presented by Zhang and Feng at Asiacrypt’06. Our attack also provides the best known time/memory/data tradeoff against SSG.
منابع مشابه
New Guess-and-Determine Attack on the Self-Shrinking Generator
We propose a new type of guess-and-determine attack on the self-shrinking generator (SSG). The inherent flexibility of the new attack enables us to deal with different attack conditions and requirements smoothly. For the SSG with a length L LFSR of arbitrary form, our attack can reliably restore the initial state with time complexity O(2), memory complexity O(L) from O(2)-bit keystream for L ≥ ...
متن کاملAlgebraic Analysis of Shrinking Generator
Algebraic attack is a recently proposed method to analyze the security strength of stream ciphers. This paper provides an comprehensive analysis of the security strength of shrinking generator against the algebraic attack. In our analysis, it will be shown that if the generator is not implemented carefully then it would be highly vulnerable against the algebraic attack. Mathematics Subject Clas...
متن کاملOn the computational complexity of finding a minimal basis for the guess and determine attack
Guess-and-determine attack is one of the general attacks on stream ciphers. It is a common cryptanalysis tool for evaluating security of stream ciphers. The effectiveness of this attack is based on the number of unknown bits which will be guessed by the attacker to break the cryptosystem. In this work, we present a relation between the minimum numbers of the guessed bits and uniquely restricted...
متن کاملThe Switching Generator: New Clock-Controlled Generator with Resistance against the Algebraic and Side Channel Attacks
Since Advanced Encryption Standard (AES) in stream modes, such as counter (CTR), output feedback (OFB) and cipher feedback (CFB), can meet most industrial requirements, the range of applications for dedicated stream ciphers is decreasing. There are many attack results using algebraic properties and side channel information against stream ciphers for hardware applications. Al-Hinai et al. presen...
متن کاملSecurity Analysis of the Generalized Self-shrinking Generator
In this paper, we analyze the generalized self-shrinking generator newly proposed in [8]. Some properties of this generator are described and an equivalent definition is derived, after which two attacks are developed to evaluate its security. The first attack is an improved clock-guessing attack using short keystream with the filter function (vector G) known. The complexity of this attack is O(...
متن کامل