A Note on Automata-based Dynamic Convolutional Cryptosystems

In [1], the automata-based dynamic convolutional cryptosystem is proposed and analyzed; the author claims that “finding partial information about the cipher is quite easy, and the main idea of such an attack, described in detail in Section 4.1, is based on Gaussian elimination.” But the deduction supporting this claim in Section 4.1 of [1] cannot work. It seems that this cipher is not so weak so far. 1 Definition of ADCC Recall some definitions. 1 A finite automaton, say M , is a quintuple 〈X, Y, S, δ, λ〉, where X is a nonempty finite set (the input alphabet of M), Y a nonempty finite set (the output alphabet of M), S a nonempty finite set (the state alphabet of M), δ : S ×X → S a single-valued mapping (the next state function of M), and λ : S×X → Y a single-valued mapping (the output function of M). For any set A, we use A∗ to denote the set of all words (finite sequences) over A including the empty word ε. Expand the domains of δ and λ to S ×X∗ as follows. δ(s, ε) = s, δ(s, αx) = δ(δ(s, α), x), λ(s, ε) = ε, λ(s, αx) = λ(s, α)λ(δ(s, α), x), s ∈ S, x ∈ X, α ∈ X∗. In [1], Trincă proposed a symmetric cryptosystem, named automata-based dynamic convolutional cryptosystem (ADCC for short) with q states. The encoder of an ADCC is a finite automaton, say M = 〈X, Y, S, δ, λ〉, where X and Y are the k-dimensional row vector space over GF (2) (the field with 2 elements), S = Xm×{1, . . . , q} = {〈x−1, . . . , x−m, w〉 | xi ∈ X, i = −1, . . . ,−m,w = 1, . . . , q}, q and m being two positive integers, δ(〈x−1, . . . , x−m, w〉, x0) = 〈x0, . . . , x−m+1, f(w, x0)〉, λ(〈x−1, . . . , x−m, w〉, x0) = m ∑