ALTERNATING STEP GENERATORS CONTROLLED BY DE BRUIJN SEQUENCES

C.G. Günther, Brown Boveri Research Center, 5405 Baden, Switzerland

ABSTRACT

The alternating step generator (ASG) is a new generator of pseudorandom sequences which is closely related to the stop-and-go generator. It shares all the good properties of this latter generator without possessing its weaknesses. The ASG consists of three subgenerators $K$, $\mu$ and $\nu$. The main characteristic of its structure is that the output of one of the subgenerators, $K$, controls the clock of the two others, $\mu$ and $\nu$. In the present contribution, we determine the period, the distribution of short patterns and a lower bound for the linear complexity of the sequences generated by an ASG. The proof of the lower bound is greatly simplified by assuming that $K$ generates a de Bruijn sequence. Under this and other not very restrictive assumptions the period and the linear complexity are found to be proportional to the period of the de Bruijn sequence. Furthermore the frequency of all short patterns as well as the autocorrelations turn out to be ideal. This means that the sequences generated by the ASG are provably secure against the standard attacks.

I. INTRODUCTION

In stream cipher cryptography messages are usually combined with pseudorandom sequences by modular addition. Therefore, schemes for the generation of such sequences are important. They are generally based on finite state machines and most frequently on linear feedback shift registers (LFSRs). To avoid certain classes of attacks, these sequences are required to have a large period, a high linear complexity and good statistical properties.

D. Chaum and W.L. Price (Eds.): Advances in Cryptology - EUROCRYPT '87, LNCS 304, pp. 5-14, Springer-Verlag Berlin Heidelberg 1988
In one approach to the generation of these sequences, the clock of an LFSR is controlled by the output of another LFSR. Examples of generators based on this principle are various kinds of stop-and-go generators [1]-[5] and binary rate multipliers [6]. Both types of generators easily produce sequences of large period and high linear complexity (exponential in the length of the register which controls the clock). The binary rate multipliers furthermore generate sequences with good statistical properties. One disadvantage of these generators is, however, that they need several clock cycles for the generation of one single pseudorandom bit. Amongst the various kinds of stop-and-go generators we consider the following one (Fig. 1).

In this generator the output of $\mu$ is repeated each time the $K$ register produces a "0". On the one side, this leads, under suitable conditions, to a large period and a high linear complexity; on the other side, this always implies bad statistics (e.g. $p(00) = 3/8 = p(11)$, $p(01) = 1/8 = p(10)$). Furthermore, the fact that the output $w_t$ can only change if $K_t = 1$ determines one half of all the "1"s present in the sequence $K$. This can strongly reduce the effort needed to reconstruct $K$. Similar weaknesses exist in all known stop-and-go generators.
II. THE ALTERNATING STEP GENERATOR

The alternating step generator (ASG) is closely related to the stop-and-go generator. Noteworthy is that it has all the good properties of the latter generator but does not share its weaknesses. The ASG consists of three subgenerators $K$, $\mu$ and $\nu$, which are interconnected such that $\mu$ and $\nu$ are clocked when the output of $K$ equals "1" and "0", respectively (Fig. 2). Mathematically, this generator can be described as follows: let $K$, $\mu$ and $\nu$ be the sequences generated by the subgenerators $K$, $\mu$ and $\nu$ when they are independently clocked. In addition, let

$$f_t := \sum_{s=0}^{t-1} K_s \qquad\text{and}\qquad \bar f_t := t - f_t,$$

then the output $w_t$ is described by

$$w_t = \mu_{f_t} + \nu_{\bar f_t}.$$

In practice the sequences $K$, $\mu$ and $\nu$ will typically be either maximum length linear recurring sequences (m-sequences) or linear recurring sequences. In the present paper, however, $K$ will be assumed to be a de Bruijn sequence [7]. Such a sequence can easily be obtained from an m-sequence. In the case of a de Bruijn sequence, the proof for a lower bound on the linear complexity becomes particularly simple. A treatment of the case in which $K$, $\mu$ and $\nu$ are all linear recurring sequences as well as some clues on the cascading of the structure can be found in [8]. The only attack on the ASG we could find so far is a correlation attack on $K$ [9]. In the present case, however, it does not substantially reduce the effort to break the system. In this correlation attack (Fig. 3) a trial sequence is correlated with $K$ using the relation between the control sequence and the ASG output shown in Fig. 3. Fortunately, this attack only reduces the effort to break the system to essentially the third root of the effort needed for an exhaustive search. For typical parameters, $\bar K = T(K) \approx 2^{127}$, it would need 10 years to search through all phases if 10 phases could be tested per second. In the following section the results on the period, linear complexity and frequencies of short patterns are presented.
III. THE MAIN RESULTS

Theorem 1: (period and linear complexity)

Assumptions:
a) $K$ is a de Bruijn sequence of period $\bar K = 2^k$,
b) the characteristic polynomials $p(x)$ and $\bar p(x)$ of $\mu$ and $\nu$ are irreducible and different and have the degrees $m$ and $\bar m$ and the periods $M$ and $\bar M$, respectively,
c) $M, \bar M > 1$; $\gcd(m, \bar m) = 1$.

Under these assumptions the period $T$ and the linear complexity $L$ of $w$ satisfy the following relations:

$$T = 2^k M \bar M, \tag{3}$$

$$(m + \bar m)\,2^{k-1} < L \le (m + \bar m)\,2^k.$$

Proof: Using that $p(x)$ and $\bar p(x)$ are relatively prime, the proof follows immediately ([10], [11]) from
i) $S := T(\mu_f) = 2^k M$,
ii) the characteristic polynomial of $\mu_f$ has the form $p(x)^\ell$ with $2^{k-1} < \ell \le 2^k$,
and corresponding assertions for $\nu_{\bar f}$.

The proof of i) only requires $2 \nmid M$, which is implied by the irreducibility of $p(x)$ [10]. It reads as follows: The defining equation of $S$, i.e. $\mu_{f_{t+S}} = \mu_{f_t}$, $\forall t \in \mathbb{Z}$, implies $f_{t+S} \equiv f_t \pmod{M}$, $\forall t \in \mathbb{Z}$. With $M > 1$ the difference of this equation and of the corresponding equation for $t+1$, i.e. $K_{t+S} \equiv K_t \pmod{M}$, becomes $K_{t+S} = K_t$, i.e. $S = \gamma\,2^k$. As a de Bruijn sequence is "1" with frequency one half, this implies $f_t + \gamma\,2^{k-1} \equiv f_t \pmod{M}$ and, as $2 \nmid M$, $\gamma = M$, i.e. $S = 2^k M$.

The proof of ii) is very similar to that of the lower bound for the linear complexity of a de Bruijn sequence [12]. Let $D$ be the time shift operator, $D K_t = K_{t-1}$, acting on the sequence $\tilde\mu_t := \mu_{f_t}$ by $D\tilde\mu_t = \tilde\mu_{t-1}$, and let $p(x) = \sum_{i=0}^{m} \pi_i x^i$. Then

$$p(D^{2^k})\,\tilde\mu_t = \sum_{i=0}^{m} \pi_i\,\mu_{f_{t-i2^k}} = \sum_{i=0}^{m} \pi_i\,\mu_{f_t - i2^{k-1}} = 0,$$

since any $2^k$ consecutive bits of $K$ contain exactly $2^{k-1}$ "1"s, so that $f_{t-i2^k} = f_t - i2^{k-1}$, and since $p(x)$ divides $p(x^{2^{k-1}}) = p(x)^{2^{k-1}}$ over GF(2). This equation implies that the characteristic polynomial of $\mu_f$ must divide $p(x^{2^k}) = p(x)^{2^k}$, i.e. it must have the form $p(x)^\ell$ with $\ell \le 2^k$. Now assume $\ell \le 2^{k-1}$, then $p(x)^\ell \mid (x^M - 1)^\ell \mid (x^M - 1)^{2^{k-1}} = x^{M2^{k-1}} - 1$, which contradicts $S = 2^k M$. This completes the proof. □

The results of theorem 1 are easily adapted to the case that no assumptions are made on $p(x)$ and $\bar p(x)$: $T = 2^k M \bar M$, $2^{k+1} < L \le (m + \bar m)\,2^k$. The proof is based on the fact that $\gcd(m, \bar m) = 1$ implies $\gcd(p(x), \bar p(x)) \mid x - 1$ and can easily be figured out.

The following theorem on the frequency of patterns holds for almost arbitrary $K$. However, we will restrict ourselves to the case where $K$ is a de Bruijn sequence, since we would otherwise need a more general assertion on the period. For a more general statement we refer to [8]. In this theorem we use the notation $\mathbb{Z}/(T) := \{0, 1, \ldots, T-1\}$.
Theorem 2: (frequency of short patterns)

Assumptions:
a) $K$ is a de Bruijn sequence of period $\bar K = 2^k$,
b) $\mu$ and $\nu$ are m-sequences with the periods $M = 2^m - 1$ and $\bar M = 2^{\bar m} - 1$, respectively,
c) $\gcd(M, \bar M) = 1$.

Under these assumptions the frequency of any pattern $\alpha$ of length $\ell \le \min(m, \bar m)$ is $2^{-\ell}$ up to an error of order $O(1/2^{m-\ell}) + O(1/2^{\bar m-\ell})$, i.e.

$$\frac{\#\{t \in \mathbb{Z}/(T) : w_{t+i} = \alpha_i,\ i \in \mathbb{Z}/(\ell)\}}{T} = 2^{-\ell}\Bigl(1 + O(2^{-(m-\ell)}) + O(2^{-(\bar m-\ell)})\Bigr) \tag{9}$$

for any $\alpha = (\alpha_0, \ldots, \alpha_{\ell-1}) \in \{0,1\}^\ell$.

Remark: We note that the deviation of this distribution from an ideal one is very similar to the corresponding deviation for an m-sequence. In addition, this deviation is due to the corresponding deviation for m-sequences.

Proof of theorem 2: Let $t \in \mathbb{Z}/(T)$ be represented in the form $t = r + (s + \bar s M)2^k$, $r \in \mathbb{Z}/(2^k)$, $s \in \mathbb{Z}/(M)$, $\bar s \in \mathbb{Z}/(\bar M)$, and let us first consider the frequency of patterns for a fixed $r \in \mathbb{Z}/(2^k)$. Let $\rho = \rho(r)$ and $\bar\rho = \bar\rho(r)$ be defined by $\bar\rho_0 := 0$, $\rho_0 := \alpha_0$ and, for $i \in \mathbb{Z}/(\ell-1)$,

$$\rho_{i+1} := \rho_i + K_{r+i}(\alpha_i + \alpha_{i+1}), \qquad \bar\rho_{i+1} := \bar\rho_i + (1 + K_{r+i})(\alpha_i + \alpha_{i+1}),$$

i.e. $\rho$ collects the changes of $\alpha$ that occur while $\mu$ is clocked and $\bar\rho$ those that occur while $\nu$ is clocked. Then $\alpha$ can be decomposed into $\alpha_i = \rho_i + \bar\rho_i$ ($i \in \mathbb{Z}/(\ell)$).

For the matching condition at time $t$,

$$w_{t+i} = \alpha_i, \qquad i \in \mathbb{Z}/(\ell), \tag{12}$$

this implies

$$\mu_{f_{t+i}} + \nu_{\bar f_{t+i}} = \rho_i + \bar\rho_i, \qquad i \in \mathbb{Z}/(\ell). \tag{13}$$

Using the relations $f_{t+i+1} = f_{t+i} + K_{r+i}$ and $\bar f_{t+i+1} = \bar f_{t+i} + 1 + K_{r+i}$, $i \in \mathbb{Z}/(\ell-1)$ (note that $K_{t+i} = K_{r+i}$, as $K$ has period $2^k$), the sum of equation (13) and of the corresponding equation for $i+1$ becomes ($i \in \mathbb{Z}/(\ell-1)$)

$$K_{r+i}\bigl(\mu_{f_{t+i}+1} + \mu_{f_{t+i}}\bigr) + (1 + K_{r+i})\bigl(\nu_{\bar f_{t+i}+1} + \nu_{\bar f_{t+i}}\bigr) = \alpha_i + \alpha_{i+1}.$$

Together with (13) for $i = 0$ this has two solutions:

$$\mu_{f_{t+i}} = \rho_i, \quad \nu_{\bar f_{t+i}} = \bar\rho_i, \qquad i \in \mathbb{Z}/(\ell), \tag{16a}$$

and

$$\mu_{f_{t+i}} = \rho_i + 1, \quad \nu_{\bar f_{t+i}} = \bar\rho_i + 1, \qquad i \in \mathbb{Z}/(\ell). \tag{16b}$$

The number of solutions $(s, \bar s)$ to this equation is equal to the number of occurrences of the pattern $\alpha$ in the sequence $w_{r+(s+\bar s M)2^k}$, $s \in \mathbb{Z}/(M)$, $\bar s \in \mathbb{Z}/(\bar M)$, i.e. to the quantity we want to determine.

Without restricting ourselves we consider the solutions of equation (16a). Making use of the fact that $K$ has the period $\bar K = 2^k$ and that $\sum_{i=0}^{2^k-1} K_i = 2^{k-1}$, this equation becomes ($i \in \mathbb{Z}/(\ell)$)

$$\mu_{f_{r+i} + s2^{k-1}} = \rho_i, \tag{17}$$

$$\nu_{\bar f_{r+i} + (s + \bar s M)2^{k-1}} = \bar\rho_i. \tag{18}$$

Let $\varphi_r := f_{r+\ell-1} - f_r$, then the assumptions $2 \nmid M$ and $\mu$ an m-sequence imply that equation (17) has $2^{m-\varphi_r-1}$ solutions $s$ if $\rho \ne 0$. Let $\bar\varphi_r := \ell - 1 - \varphi_r$, then similarly $2 \nmid \bar M$, $\gcd(M, \bar M) = 1$ and $\nu$ an m-sequence imply that equation (18) has $2^{\bar m-\bar\varphi_r-1}$ solutions $\bar s$ if $\bar\rho \ne 0$. This remains true for $\rho = 0$ and/or $\bar\rho = 0$ if we accept an error of at most $O(1/2^{m-\ell}) + O(1/2^{\bar m-\ell})$. Clearly the same result also holds for equation (16b). Hence the total number of solutions to equation (12) is $2 \cdot 2^{m-\varphi_r-1} \cdot 2^{\bar m-\bar\varphi_r-1} = 2^{m+\bar m-\ell}$, which is independent of $r$. This finally implies that the frequency of the pattern $\alpha$ is given by

$$\frac{2^{m+\bar m-\ell}}{M\bar M}\Bigl(1 + O(2^{-(m-\ell)}) + O(2^{-(\bar m-\ell)})\Bigr)$$

and thereby yields the assertion. □

IV. CONCLUDING REMARKS

Under suitable assumptions the alternating step generator (ASG) is a simple and very efficient pseudorandom number generator. It is fast and provably satisfies the usual criteria. The autocorrelations, which were not dealt with in the present paper, are also ideal for a large range of delays (delays in $\mathbb{Z}/(\bar K)$) [8]. The structure of the ASG is favorable to cascading, i.e. to having one or several of the subgenerators $K$, $\mu$ and $\nu$ being ASGs themselves. This is further discussed in [8].
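The generator of Section II and Theorems 1 and 2, as an added worked example (this is not code from the paper): the script builds $K$ as a de Bruijn sequence from an m-sequence, runs the ASG next to the stop-and-go generator of Fig. 1, and checks the period $2^k M \bar M$, the linear-complexity bounds and the short-pattern frequencies empirically. The register sizes ($k = 4$, $m = 5$, $\bar m = 4$), the polynomials and all function names are choices made here, not parameters taken from the paper.

```python
"""Alternating step generator (ASG) with a de Bruijn control sequence.

Added example, not code from the paper: K, mu, nu come from LFSRs (K made
de Bruijn as in Section II), and the ASG output w_t = mu[f_t] + nu[fbar_t]
is checked against Theorems 1 and 2 and against the stop-and-go generator
of Fig. 1. Sizes k=4, m=5, mbar=4 and the polynomials are assumptions.
"""
from collections import Counter
from itertools import product

K_DEG, M_DEG, MBAR_DEG = 4, 5, 4                            # k, m, mbar
K_POLY, MU_POLY, NU_POLY = [4, 1, 0], [5, 2, 0], [4, 3, 0]  # primitive over GF(2)

def lfsr(poly, init):
    """One period of the sequence with characteristic polynomial
    sum_{e in poly} x^e (Fibonacci LFSR); a primitive poly gives an m-sequence."""
    deg, state, start, out = max(poly), list(init), tuple(init), []
    while True:
        out.append(state[0])
        new = 0
        for e in poly:
            if e < deg:
                new ^= state[e]
        state = state[1:] + [new]
        if tuple(state) == start:
            return out

def de_bruijn_from_msequence(seq):
    """Add one 0 to the unique run of k-1 zeros of an m-sequence of period
    2^k - 1: the result is a de Bruijn sequence of period 2^k."""
    n, k = len(seq), len(seq).bit_length()
    for i in range(n):
        if all(seq[(i + j) % n] == 0 for j in range(k - 1)):
            return [0] + seq[i:] + seq[:i]      # rotate so the run starts at 0
    raise ValueError("not an m-sequence")

def asg(K, mu, nu, n):
    """n bits of w_t = mu[f_t] + nu[fbar_t]; mu steps when K_t = 1, nu when K_t = 0."""
    f, fbar, out = 0, 0, []
    for t in range(n):
        out.append(mu[f % len(mu)] ^ nu[fbar % len(nu)])
        f, fbar = f + K[t % len(K)], fbar + 1 - K[t % len(K)]
    return out

def stop_and_go(K, mu, n):
    """Fig. 1: w_t = mu[f_t], so the output repeats whenever K_t = 0."""
    f, out = 0, []
    for t in range(n):
        out.append(mu[f % len(mu)])
        f += K[t % len(K)]
    return out

def period(seq, T):
    """Least period of seq, given that T is a period and seq holds >= 2T bits."""
    return min(d for d in range(1, T + 1) if T % d == 0 and seq[:T] == seq[d:d + T])

def berlekamp_massey(s):
    """Linear complexity over GF(2); connection polynomials as ints (bit j = x^j)."""
    c, b, L, m = 1, 1, 0, -1
    for i, bit in enumerate(s):
        d = bit                                  # discrepancy s_i + sum c_j s_{i-j}
        for j in range(1, L + 1):
            if (c >> j) & 1:
                d ^= s[i - j]
        if d:
            t = c
            c ^= b << (i - m)
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L

def pattern_frequencies(seq, ell):
    """Frequency of every length-ell pattern over the cyclic windows of seq."""
    T = len(seq)
    counts = Counter(tuple(seq[(t + i) % T] for i in range(ell)) for t in range(T))
    return {a: counts[a] / T for a in product((0, 1), repeat=ell)}

def build():
    """K (period 16, de Bruijn), mu (period 31) and nu (period 15)."""
    K = de_bruijn_from_msequence(lfsr(K_POLY, [1] * K_DEG))
    return K, lfsr(MU_POLY, [1] * M_DEG), lfsr(NU_POLY, [1] * MBAR_DEG)

def analyse():
    """Period and linear complexity (Theorem 1), digram frequencies (Theorem 2)
    of the ASG, plus the digram frequencies of the stop-and-go generator."""
    K, mu, nu = build()
    T = 2 ** K_DEG * len(mu) * len(nu)           # Theorem 1: T = 2^k M Mbar
    w = asg(K, mu, nu, 2 * T)
    lo, hi = (M_DEG + MBAR_DEG) * 2 ** (K_DEG - 1), (M_DEG + MBAR_DEG) * 2 ** K_DEG
    return {
        "T": T,
        "period": period(w, T),
        "linear_complexity": berlekamp_massey(w[:T]),
        "lc_bounds": (lo, hi),                   # (m + mbar) 2^(k-1) < L <= (m + mbar) 2^k
        "asg_digrams": pattern_frequencies(w[:T], 2),
        "stop_and_go_digrams": pattern_frequencies(stop_and_go(K, mu, 2 ** K_DEG * len(mu)), 2),
    }
```

With these parameters the ASG digram frequencies stay within a few percent of 1/4, while the stop-and-go generator built from the same $K$ and $\mu$ shows the skew of Fig. 1 ($p(00)$ and $p(11)$ near 3/8, $p(01)$ and $p(10)$ near 1/8).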
SELECTED REFERENCES

[1] S.A. Tretter, "Properties of PN2 sequences", IEEE Trans. Inform. Theory, vol. IT-20, March.
[2] K. Kjeldsen and E. Andresen, "Some randomness properties of cascaded sequences", IEEE Trans. Inform. Theory, vol. IT-26, March.
[3] T. Beth and F. Piper, "The stop-and-go-generator", in Proc. of EUROCRYPT 84, Springer Lect. Notes in Comp. Science, vol. 209.
[4] R. Vogel, "On the linear complexity of cascaded sequences", in Proc. of EUROCRYPT 84, Springer Lect. Notes in Comp. Science, vol. 209.
[5] D. Gollmann, "Pseudo random properties of cascade connections of clock controlled shift registers", in Proc. of EUROCRYPT 84, Springer Lect. Notes in Comp. Science, vol. 209.
[6] W.G. Chambers and S.M. Jennings, "Linear equivalence of certain BRM shift register sequences", Electronics Letters, vol. 20, Nov.
[7] N.G. de Bruijn, "A combinatorial problem", Proc. K. Ned. Akad. Wet., vol. 49.
[8] C.G. Günther, "Alternating step generators", submitted to IEEE Trans. on Inform. Theory.
[9] T. Siegenthaler, "Correlation-immunity of non-linear combining functions for cryptographic applications", IEEE Trans. on Inform. Theory, vol. IT-30, Sept.
[10] N. Zierler, "Linear recurring sequences", J. Soc. Indust. Appl. Math., vol. 7, March.
[11] E.S. Selmer, Linear Recurrence Relations Over Finite Fields, Department of Mathematics, University of Bergen, Norway.
[12] A.H. Chan, R.A. Games and E.L. Key, "On the complexities of de Bruijn sequences", J. of Comb. Theory, Series A, vol. 33, 1982.
More informationBinary Additive Counter Stream Ciphers
Number Theory and Related Area ALM 27, pp. 1 23 c Higher Education Press and International Press Beijing Boston Binary Additive Counter Stream Ciphers Cunsheng Ding, Wenpei Si Abstract Although a number
More informationA Large Block Cipher using an Iterative Method and the Modular Arithmetic Inverse of a key Matrix
A Large Block Cipher using an Iterative Method and the Modular Arithmetic Inverse of a key Matrix S. Udaya Kumar V. U. K. Sastry A. Vinaya babu Abstract In this paper, we have developed a block cipher
More informationStatistical Properties of the Arithmetic Correlation of Sequences. Mark Goresky School of Mathematics Institute for Advanced Study
International Journal of Foundations of Computer Science c World Scientific Publishing Company Statistical Properties of the Arithmetic Correlation of Sequences Mark Goresky School of Mathematics Institute
More informationA NOTE ON THE LOCATION OF CRITICAL POINTS OF POLYNOMIALS
PROCEEDINGS OF THE AMERICAN MATHEMATICAL Volume 27, No. 2, February 1971 SOCIETY A NOTE ON THE LOCATION OF CRITICAL POINTS OF POLYNOMIALS E. B. SAFF AND J. B. TWOMEY Abstract. Let(P(a, 3) denote the set
More informationT h e C S E T I P r o j e c t
T h e P r o j e c t T H E P R O J E C T T A B L E O F C O N T E N T S A r t i c l e P a g e C o m p r e h e n s i v e A s s es s m e n t o f t h e U F O / E T I P h e n o m e n o n M a y 1 9 9 1 1 E T
More informationPeriodicity and Distribution Properties of Combined FCSR Sequences
Periodicity and Distribution Properties of Combined FCSR Sequences Mark Goresky 1, and Andrew Klapper, 1 Institute for Advanced Study, Princeton NJ www.math.ias.edu/~goresky Dept. of Computer Science,
More informationA New Bit-Serial Architecture for Field Multiplication Using Polynomial Bases
A New Bit-Serial Architecture for Field Multiplication Using Polynomial Bases Arash Reyhani-Masoleh Department of Electrical and Computer Engineering The University of Western Ontario London, Ontario,
More informationCharacterizations on Algebraic Immunity for Multi-Output Boolean Functions
Characterizations on Algebraic Immunity for Multi-Output Boolean Functions Xiao Zhong 1, and Mingsheng Wang 3 1. Institute of Software, Chinese Academy of Sciences, Beijing 100190, China. Graduate School
More informationThe Polynomial Composition Problem in (Z/nZ)[X]
The Polynomial Composition Problem in (Z/nZ)[X] Marc Joye 1, David Naccache 2, and Stéphanie Porte 1 1 Gemplus Card International Avenue du Jujubier, ZI Athélia IV, 13705 La Ciotat Cedex, France {marc.joye,
More informationImplementation of Automatic Invertible Matrix Mechanism in NTRU Matrix Formulation Algorithm
Implementation of Automatic Invertible Matrix Mechanism in NTRU Matrix Formulation Algorithm Mohan Rao Mamdikar, Vinay Kumar & D. Ghosh National Institute of Technology, Durgapur E-mail : Mohanrao.mamdikar@gmail.com,
More informationOptimum Binary-Constrained Homophonic Coding
Optimum Binary-Constrained Homophonic Coding Valdemar C. da Rocha Jr. and Cecilio Pimentel Communications Research Group - CODEC Department of Electronics and Systems, P.O. Box 7800 Federal University
More informationBinary GH Sequences for Multiparty Communication. Krishnamurthy Kirthi
Binary GH Sequences for Multiparty Communication Krishnamurthy Kirthi Abstract This paper investigates cross correlation properties of sequences derived from GH sequences modulo p, where p is a prime number
More informationPARALLEL MULTIPLICATION IN F 2
PARALLEL MULTIPLICATION IN F 2 n USING CONDENSED MATRIX REPRESENTATION Christophe Negre Équipe DALI, LP2A, Université de Perpignan avenue P Alduy, 66 000 Perpignan, France christophenegre@univ-perpfr Keywords:
More informationNonlinear Shi, Registers: A Survey and Open Problems. Tor Helleseth University of Bergen NORWAY
Nonlinear Shi, Registers: A Survey and Open Problems Tor Helleseth University of Bergen NORWAY Outline ntroduc9on Nonlinear Shi> Registers (NLFSRs) Some basic theory De Bruijn Graph De Bruijn graph Golomb
More informationCorrecting Codes in Cryptography
EWSCS 06 Palmse, Estonia 5-10 March 2006 Lecture 2: Orthogonal Arrays and Error- Correcting Codes in Cryptography James L. Massey Prof.-em. ETH Zürich, Adjunct Prof., Lund Univ., Sweden, and Tech. Univ.
More informationOn the Distribution of Characteristics
On the Distribution of Characteristics in Composite Permutations Luke O'Connor Distributed Systems Technology Center Brisbane, Australia email: oconnorofitmai1.fit.qnt.edn.a~ Abstract. Differential cryptanalysis
More informationFeedback with Carry Shift Registers over Finite Fields (Extended Abstract)
Feedback with Carry Shift Registers over Finite Fields (Extended Abstract) Andrew Klapper* Dept. of Computer Science 763H Anderson Hall University of Kentucky, Lexington KY 40506-0046 USA klapper@cs.uky.edu.
More informationResilience to Distinguishing Attacks on WG-7 Cipher and Their Generalizations
Resilience to Distinguishing Attacks on WG-7 Cipher and Their Generalizations Guang Gong, Mark Aagaard and Xinxin Fan Department of Electrical and Computer Engineering University of Waterloo, Waterloo,
More informationCPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems
CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory
More informationCryptanalysis of the Stream Cipher ABC v2
Cryptanalysis of the Stream Cipher ABC v2 Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven, ESAT/SCD-COSIC Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium {wu.hongjun,bart.preneel}@esat.kuleuven.be
More informationTransform Domain Analysis of DES. Guang Gong and Solomon W. Golomb. University of Southern California. Tels and
Transform Domain Analysis of DES Guang Gong and Solomon W. Golomb Communication Sciences Institute University of Southern California Electrical Engineering-Systems, EEB # 500 Los Angeles, California 90089-2565
More informationEmbedding and Probabilistic. Correlation Attacks on. Clock-Controlled Shift Registers. Jovan Dj. Golic 1
Embedding and Probabilistic Correlation Attacks on Clock-Controlled Shift Registers Jovan Dj. Golic 1 Information Security Research Centre, Queensland University of Technology, GPO Box 2434, Brisbane,
More informationCharacterization of 2 n -Periodic Binary Sequences with Fixed 2-error or 3-error Linear Complexity
Characterization of n -Periodic Binary Sequences with Fixed -error or 3-error Linear Complexity Ramakanth Kavuluru Department of Computer Science, University of Kentucky, Lexington, KY 40506, USA. Abstract
More information