Some Attacks on the Bit-Search Generator
نویسندگان
چکیده
The bit-search generator (BSG) was proposed in 2004 and can be seen as a variant of the shrinking and self-shrinking generators. It has the advantage that it works at rate 1/3 using only one LFSR and some selection logic. We present various attacks on the BSG based on the fact that the output sequence can be uniquely defined by the differential of the input sequence. By knowing only a small part of the output sequence we can reconstruct the key with complexity O(L2). This complexity can be significantly reduced in a data/time tradeoff manner to achieve a complexity of O(L2) if we have O(2) of keystream. We also propose a distinguishing attack that can be very efficient if the feedback polynomial is not carefully chosen.
منابع مشابه
Analysis of the Bit-Search Generator and Sequence Compression Techniques
Algebraic attacks on stream ciphers apply (at least theoretically) to all LFSR-based stream ciphers that are clocked in a simple and/or easily predictable way. One interesting approach to help resist such attacks is to add a component that de-synchronizes the output bits of the cipher from the clock of the LFSR. The Bit-search generator, recently proposed by Gouget and Sibert, is inspired by th...
متن کاملThe Bit-Search Generator
We present the construction of a pseudorandom generator, that we call the Bit-Search Generator (BSG), based on a single input sequence. The construction is related to the so-called Self-Shrinking Generator which is known for its simplicity (conception and implementation-wise) linked with some interesting properties. After presenting the general running, we give a description of the BSG by using...
متن کاملHow to Strengthen Pseudo-random Generators by Using Compression
Sequence compression is one of the most promising tools for strengthening pseudo-random generators used in stream ciphers. Indeed, adding compression components can thwart algebraic attacks aimed at LFSR-based stream ciphers. Among such components are the Shrinking Generator and the Self-Shrinking Generator, as well as recent variations on Bit-Search-based decimation. We propose a general model...
متن کاملSome observations on the Bit-Search Generator
In this short note an alternative definition of the Bit-Search Generator (BSG) is provided. This leads to a discussion of both the security of the BSG and ways in which it might be modified to either improve its rate or increase its security.
متن کاملCryptanalysis of some first round CAESAR candidates
ΑΕS _ CMCCv₁, ΑVΑLΑNCHEv₁, CLΟCv₁, and SILCv₁ are four candidates of the first round of CAESAR. CLΟCv₁ is presented in FSE 2014 and SILCv₁ is designed upon it with the aim of optimizing the hardware implementation cost. In this paper, structural weaknesses of these candidates are studied. We present distinguishing attacks against ΑES _ CMCCv₁ with the complexity of two queries and the success ...
متن کامل