Abstract
The main application of stream ciphers is online encryption of arbitrarily long data. Many practically used and intensively discussed stream ciphers consist of a small number of linear feedback shift registers (LFSRs) and a compression function that transforms the bitstreams produced by the LFSRs into the output keystream. In 2002, Krause proposed a Binary Decision Diagram (BDD) based attack on this type of cipher, which ranges among the best generic short-keystream attacks on practically used ciphers such as the A5/1 generator used in GSM and the E0 generator from the Bluetooth standard. In this paper we show how to extend the BDD technique to nonlinear feedback shift registers (NFSRs), feedback shift registers with carry (FCSRs), and arbitrary compression functions. We apply our findings to the eSTREAM focus ciphers Trivium, Grain and F-FCSR. In the case of Grain, we obtain the first nontrivial cryptanalytic result besides generic time-memory-data tradeoffs.
References
Armknecht, F., Krause, M.: Algebraic attacks on combiners with memory. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 162–176. Springer, Heidelberg (2003)
Arnault, F., Berger, T.P., Lauradoux, C.: Update on F-FCSR stream cipher. eSTREAM, ECRYPT Stream Cipher Project, Report 2006/025 (2006), http://www.ecrypt.eu.org/stream
Biryukov, A., Shamir, A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000)
The Bluetooth SIG. Specification of the Bluetooth System (February 2001)
Briceno, M., Goldberg, I., Wagner, D.: A pedagogical implementation of A5/1 (May 1999), http://jya.com/a51-pi.htm
Courtois, N.: Fast algebraic attacks on stream ciphers with linear feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 177–194. Springer, Heidelberg (2003)
de Cannière, C., Preneel, B.: Trivium specifications. eSTREAM, ECRYPT Stream Cipher Project (2005), http://www.ecrypt.eu.org/stream
eSTREAM, ECRYPT stream cipher project. http://www.ecrypt.eu.org/stream
eSTREAM Discussion Forum. A reformulation of Trivium. eSTREAM, ECRYPT Stream Cipher Project, Discussion Forum (2005), http://www.ecrypt.eu.org/stream/phorum/read.php?1,448
Golić, J.: Correlation properties of general binary combiners with memory. Journal of Cryptology 9(2), 111–126 (1996)
Goresky, M., Klapper, A.: Fibonacci and Galois representations of feedback-with-carry shift registers. IEEE Transactions on Information Theory 48(11), 2826–2836 (2002)
Hell, M., Johansson, T., Maximov, A., Meier, W.: A stream cipher proposal: Grain-128. eSTREAM, ECRYPT Stream Cipher Project, Report 2005/010 (2005), http://www.ecrypt.eu.org/stream
Klapper, A., Goresky, M.: Feedback shift registers, 2-adic span, and combiners with memory. Journal of Cryptology 10, 111–147 (1997)
Krause, M.: BDD-based cryptanalysis of keystream generators. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 222–237. Springer, Heidelberg (2002)
Krause, M.: OBDD-based cryptanalysis of oblivious keystream generators. Theor. Comp. Sys. 40(1), 101–121 (2007)
Krause, M., Stegemann, D.: Reducing the space complexity of BDD-based attacks on keystream generators. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 163–178. Springer, Heidelberg (2006)
Maximov, A., Biryukov, A.: Two trivial attacks on Trivium. eSTREAM, ECRYPT Stream Cipher Project, Report 2007/006 (2007), http://www.ecrypt.eu.org/stream
Meier, W., Staffelbach, O.: The self-shrinking generator. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 205–214. Springer, Heidelberg (1995)
Noras, J.: Fast pseudorandom sequence generators: Linear feedback shift registers, cellular automata, and carry feedback shift registers. Technical Report 94, Univ. Bradford Elec. Eng. Dept., Bradford, U.K. (1997)
Shaked, Y., Wool, A.: Cryptanalysis of the Bluetooth E0 cipher using OBDDs. Technical report, Cryptology ePrint Archive, Report 2006/072 (2006)
Wegener, I.: Branching Programs and Binary Decision Diagrams: Theory and Applications. SIAM Monographs on Discrete Mathematics and Applications (2000)
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Stegemann, D. (2007). Extended BDD-Based Cryptanalysis of Keystream Generators. In: Adams, C., Miri, A., Wiener, M. (eds) Selected Areas in Cryptography. SAC 2007. Lecture Notes in Computer Science, vol 4876. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-77360-3_2
DOI: https://doi.org/10.1007/978-3-540-77360-3_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-77359-7
Online ISBN: 978-3-540-77360-3
eBook Packages: Computer Science (R0)