$2^n$-Periodic Binary Sequences with Fixed k-error Linear Complexity for k = 2 or 3
Slide 1. $2^n$-Periodic Binary Sequences with Fixed k-error Linear Complexity for k = 2 or 3. Ramakanth Kavuluru, Department of Computer Science, University of Kentucky. Sequences and Their Applications (SETA) 2008, Lexington. Footer on every slide: Ramakanth Kavuluru (Univ. of Kentucky), Sequences with Fixed k-error LC, SETA 2008, Lexington; 14 slides.
Slide 2. Outline
1. Preliminaries: Linear Complexity; k-error Linear Complexity.
2. Our Contribution: Problem and Motivation; Basic Characterization; Counting Functions.
3. Concluding Remarks.
Slide 3. Linear Complexity
Definition. The linear complexity $L(S)$ of a sequence $S = (s_0, s_1, \ldots)$ over $\mathbb{F}_q$ is the length of the smallest LFSR that can generate $S$.
Let $S$ be a periodic sequence with period $T$, and let $S(x) = s_0 + s_1 x + \cdots + s_{T-1} x^{T-1}$. Then
$$\sum_{i \ge 0} s_i x^i = \frac{S(x)}{1 - x^T} = \frac{u(x)}{g(x)}, \qquad \gcd(u(x), g(x)) = 1,$$
where $g(x)$ is the minimal connection polynomial, and
$$L(S) = T - \deg\big(\gcd(S(x), 1 - x^T)\big) = \deg(g(x)).$$
Shift register synthesis: Berlekamp-Massey algorithm.
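As an added example that is not part of the slides, the two characterizations of $L(S)$ on this slide computed side by side in Python: the formula $L(S) = T - \deg\gcd(S(x), 1 - x^T)$ evaluated with a polynomial gcd over $\mathbb{F}_2$, and the Berlekamp-Massey algorithm run over two periods. The sample periods used below are constructed for this example (the $m$-sequence generated by $x^3 + x + 1$ is an assumed test case with a period that is not a power of two).

```python
# Added example, not from the slides: two ways to compute the linear
# complexity of a periodic binary sequence from one period. Polynomials
# over F_2 are stored as Python ints, bit i being the coefficient of x^i.

def gf2_deg(p):
    """Degree of a GF(2)[x] polynomial stored as an int (the zero polynomial has degree -1)."""
    return p.bit_length() - 1

def gf2_mod(a, b):
    """Remainder of a divided by b in GF(2)[x] (b must be nonzero)."""
    db = gf2_deg(b)
    while a and gf2_deg(a) >= db:
        a ^= b << (gf2_deg(a) - db)
    return a

def gf2_gcd(a, b):
    """Euclid's algorithm in GF(2)[x]."""
    while b:
        a, b = b, gf2_mod(a, b)
    return a

def linear_complexity_gcd(period):
    """L(S) = T - deg gcd(S(x), 1 - x^T) with S(x) = s_0 + s_1 x + ... + s_{T-1} x^{T-1}.
    Over F_2, 1 - x^T is the polynomial x^T + 1."""
    T = len(period)
    s_poly = sum(bit << i for i, bit in enumerate(period))
    return T - gf2_deg(gf2_gcd(s_poly, (1 << T) | 1))

def berlekamp_massey(bits):
    """Berlekamp-Massey over F_2: length of the shortest LFSR generating the
    finite sequence `bits`. For a T-periodic sequence, 2T symbols suffice,
    because its linear complexity is at most T."""
    c, b, L, m = 1, 1, 0, -1     # C(x), B(x), current LFSR length, index of last length change
    for i, s in enumerate(bits):
        d = s                     # discrepancy d = s_i + sum_{j=1..L} c_j s_{i-j}
        for j in range(1, L + 1):
            if (c >> j) & 1:
                d ^= bits[i - j]
        if d:
            t = c
            c ^= b << (i - m)     # C(x) <- C(x) + x^(i-m) B(x)
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L

def linear_complexity_bm(period):
    """L(S) of the periodic sequence with the given period, via Berlekamp-Massey on two periods."""
    return berlekamp_massey(list(period) * 2)

def both(period):
    """Both computations for one period; the two values must agree."""
    return linear_complexity_gcd(period), linear_complexity_bm(period)

if __name__ == "__main__":
    # Constructed sample periods: an m-sequence of x^3 + x + 1 (period 7),
    # and several 2^n-periodic sequences with n = 3.
    for p in ([1, 0, 0, 1, 0, 1, 1], [1] * 8, [1, 0, 0, 0, 0, 0, 0, 0], [0] * 8, [1, 1, 0, 1, 1, 1, 0, 1]):
        print(p, "->", both(p))
```

The gcd route needs the whole period, while Berlekamp-Massey only needs $2L(S)$ consecutive symbols, which is why the latter is the synthesis tool named on the slide: an attacker who knows enough keystream does not need to know the period at all.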
Slide 4. k-error Linear Complexity
In practice, if an attacker can recover all but a few symbols of the keystream then the system is insecure. Attacker: try all k = 1 symbol changes of the known keystream and choose the one that leads to a message that makes sense; then try all k = 2 symbol changes, and so on.
Definition (Ding et al., Martin and Stamp). The k-error linear complexity $L_k(S)$ of a periodic sequence $S$ is the smallest linear complexity that can be obtained by performing up to $k$ symbol changes in a single period of $S$.
Proposition 1 (Kurosawa et al.). For a $2^n$-periodic binary sequence $S$, the minimum number of changes required to lower the linear complexity of $S$ is $\mathrm{merr}(S) = 2^{w_H(2^n - L(S))}$.
Slide 5. Notation and Approach
$A(L)$: the set of $2^n$-periodic binary sequences $S$ with $L(S) = L$.
$A_k(L)$: the set of $2^n$-periodic binary sequences $S$ with $L_k(S) = L$.
Problem: characterize and count the sequences in $A_2(L)$ and $A_3(L)$ when $w_H(2^n - L) \ge 2$.
Approach: 1. Derive some useful properties of $A(L)$ and $L_k(S)$. 2. Use them to characterize and count the sequences in $A_2(L)$ and $A_3(L)$.
$E_{i_1,\ldots,i_t} = (e_0, \ldots, e_{2^n-1})$ with $e_l = 1$ for $l = i_1, \ldots, i_t$ and $e_l = 0$ otherwise.
$\mathcal{E}_t = \{E_{i_1,\ldots,i_t} : 0 \le i_1 < \cdots < i_t \le 2^n - 1\}$.
$A(L) + R = \{S + R : S \in A(L)\}$, where $R$ is any sequence.
$A(L)[\mathcal{R}]$: the set of sets $\{A(L) + R : R \in \mathcal{R}\}$, where $\mathcal{R}$ is a set of sequences.
Slide 6. Motivation and Previous Work
Counting functions are useful
- to determine the expected value and variance of the linear complexity and the k-error linear complexity of a family of sequences;
- to know the exact number of sequences available with high linear complexity and high k-error linear complexity.
Previous work on counting functions and expected values:
- Counting functions for linear and error linear complexity of sequences over finite fields: Gustavson, 1976; Meidl and Niederreiter.
- Counting functions for error linear complexity measures for multisequences: Meidl, Niederreiter, and Venkateswarlu.
- Counting functions and expected values for k-error linear complexity of $2^n$-periodic binary sequences: Meidl 2005; Fu, Niederreiter, and Su 2006; Fengxiang and Wenfeng.
Slide 7. Characterization when $w_H(2^n - L) = 0$ or $1$
Proposition 2 (Fu et al.). For any sequence $S \in A(2^n)$ we have $L_2(S) = L_1(S) < 2^n$.
Proposition 3 (Meidl). For any $2^n$-periodic binary sequence $S$ and for $k \ge 2$, $L_k(S)$ is different from $2^n - 2^t$ for every integer $t$ with $0 \le t < n$.
$A_2(0) = \mathcal{E}_1 \cup \mathcal{E}_2 \cup \{0\}$ and $|A_2(0)| = \binom{2^n}{2} + 2^n + 1$.
Proposition 2 $\Rightarrow$ $A_2(2^n) = \emptyset$.
Proposition 3 $\Rightarrow$ $A_2(L) = \emptyset$ for $L = 2^n - 2^t$, $0 \le t < n$.
Slide 8. Characterization when $w_H(2^n - L) \ge 3$
Theorem 1. Let $S$ be a $T$-periodic binary sequence. Consider any two positive integers $u, v$ such that $0 \le v \le u$ and $u + v < \mathrm{merr}(S)$. Then for any $T$-periodic binary sequence $E$ such that $w_H(E) = v$ we have $L_u(S + E) = L(S)$.
Theorem 2. If $w_H(2^n - L) \ge 3$, then
$$A_2(L) = A(L) \cup \Big(\bigcup_{E_i \in \mathcal{E}_1} (A(L) + E_i)\Big) \cup \Big(\bigcup_{E_{i,j} \in \mathcal{E}_2} (A(L) + E_{i,j})\Big).$$
Slide 9. $A_2(L)$ and $|A_2(L)|$ when $0 < L < 2^{n-2}$
Theorem 3. For a given $r \in \{1, \ldots, n-1\}$, let $1 \le L < 2^{n-r}$. Then for any two distinct sequences $S, S' \in A(L)$ we have $d_H(S, S') = t\,2^{r+1}$ for some $t \in \{1, 2, 3, \ldots, 2^{n-r-1}\}$, which implies $d_H(S, S') \ge 2^{r+1}$.
Theorem 4. If $w_H(2^n - L) \ge 3$ and $1 \le L < 2^{n-2}$, then the sets $A(L)$, $A(L) + E_i$ ($E_i \in \mathcal{E}_1$), and $A(L) + E_{i,j}$ ($E_{i,j} \in \mathcal{E}_2$) are disjoint. Furthermore,
$$|A_2(L)| = \Big(\binom{2^n}{2} + 2^n + 1\Big) 2^{L-1}.$$
Slide 10. Cardinality of $A(L)[\mathcal{E}_1]$ and $2^{n-2} < L < 2^n - 3$
Theorem 5 (Fu et al.). For any sequence $S \in A(L)$, where $2^n - 2^{n-r} < L < 2^n - 2^{n-r-1}$ for some $1 \le r \le n-2$, and for any integer $0 \le i \le 2^n - 1$, the number of sequences $S + E_{i,j} \in A(L)$, where $0 \le j \le 2^n - 1$ and $j \ne i$, is exactly $2^r - 1$, corresponding to all $j \in \{\, i + t\,2^{n-r} \pmod{2^n} : 1 \le t \le 2^r - 1 \,\}$.
For any $L$ with $w_H(2^n - L) \ge 3$ there are unique $r_1$ and $r_2$ such that $1 \le r_1 \le r_2$ and $2^n - (2^{n-r_1} + 2^{n-r_2}) < L < 2^n - (2^{n-r_1} + 2^{n-r_2-1})$, which implies $2^n - 2^{n-r_1+1} < L < 2^n - 2^{n-r_1}$.
Theorem 5 $\Rightarrow$ $(A(L) + E_u) \cap (A(L) + E_v) = \emptyset$ for $0 \le u < v \le 2^{n-r_1+1} - 1$.
Also, for each $u = 0, \ldots, 2^{n-r_1+1} - 1$, $A(L) + E_u = A(L) + E_{u + t\,2^{n-r_1+1}}$ for $t = 0, \ldots, 2^{r_1-1} - 1$.
Thus $|A(L)[\mathcal{E}_1]| = 2^{n-r_1+1}$.
Slide 11. Cardinality of $A(L)[\mathcal{E}_2]$ and $2^{n-2} < L < 2^n - 3$
Theorem 6. Let $S \in A(L)$ where $2^n - (2^{n-r_1} + 2^{n-r_2}) < L < 2^n - (2^{n-r_1} + 2^{n-r_2-1})$, for some $r_1, r_2 \in \{2, \ldots, n-1\}$ satisfying $1 < r_1 \le r_2$ or $1 = r_1 < r_2$. We have the following two results.
1. Consider any four integers $i, j, k, l$ such that $0 \le i < j < k < l \le 2^{n-r_1+1} - 1$. Then $L(S + E_{i,j,k,l}) = L(S)$ if and only if $i, j, k, l$ are of the form $i = u + g_1 2^{n-r_2}$, $j = u + g_2 2^{n-r_2}$, $k = i + 2^{n-r_1}$, and $l = j + 2^{n-r_1}$, where $0 \le u \le 2^{n-r_2} - 1$ and $1 \le g_1 < g_2 \le 2^{r_2-r_1}$.
2. There do not exist integers $i_1, \ldots, i_6$ such that $0 \le i_1 < \cdots < i_6 \le 2^{n-r_1+1} - 1$ and $L(S + E_{i_1,\ldots,i_6}) = L(S)$.
Slide 12. Cardinality of $A(L)[\mathcal{E}_2]$ and $2^{n-2} < L < 2^n - 3$ (continued)
We only need to find $A(L)[D_2(L)]$, where $D_2(L) = \{E_{i,j} : 0 \le i < j \le 2^{n-r_1+1} - 1\}$.
1. For all settings of $i$ and $j$ in part 1 of Theorem 6 we have the set equalities $A(L) + E_{i,j} = A(L) + E_{i+2^{n-r_1},\, j+2^{n-r_1}}$ and $A(L) + E_{i,\, j+2^{n-r_1}} = A(L) + E_{i+2^{n-r_1},\, j}$, resulting in $2\binom{2^{r_2-r_1}}{2} 2^{n-r_2}$ doubly counted sets.
2. Also, for each $u = 0, \ldots, 2^{n-r_2} - 1$, we have $2^{r_2-r_1} - 1$ set equalities $A(L) + E_{u,\, u+2^{n-r_1}} = A(L) + E_{i,\, i+2^{n-r_1}}$, where $i = u + t\,2^{n-r_2}$ for $1 \le t \le 2^{r_2-r_1} - 1$, resulting in $2^{n-r_2}(2^{r_2-r_1} - 1)$ doubly counted sets.
Thus
$$|A(L)[\mathcal{E}_2]| = |A(L)[D_2(L)]| = \binom{2^{n-r_1+1}}{2} - 2^{n-r_2}\Big(2\binom{2^{r_2-r_1}}{2} + 2^{r_2-r_1} - 1\Big).$$
Slide 13. $A_2(L)$ and $|A_2(L)|$ when $2^{n-2} < L < 2^n - 3$
Theorem 7. Let $w_H(2^n - L) \ge 3$ where $2^n - (2^{n-r_1} + 2^{n-r_2}) < L < 2^n - (2^{n-r_1} + 2^{n-r_2-1})$ for some $r_1, r_2$ satisfying $1 < r_1 \le r_2 \le n - 1$. Define the sets
$D_1(L) = \{E_i : 0 \le i < 2^{n-r_1+1}\}$ and $D_2(L) = \{E_{i,j} : 0 \le i < j < 2^{n-r_1+1}\}$.
For $u = 0, \ldots, 2^{n-r_2} - 1$ define the sets
$D^1_u(L) = \{E_{i,\, i+2^{n-r_1}} : i = u + t\,2^{n-r_2},\ 1 \le t \le 2^{r_2-r_1} - 1\}$,
$D^2_u(L) = \{E_{i,j},\ E_{i,\, j+2^{n-r_1}} : i = u + t_1 2^{n-r_2},\ j = u + t_2 2^{n-r_2},\ 0 \le t_1 < t_2 \le 2^{r_2-r_1} - 1\}$.
Consider the set $D(L) = D_2(L) \setminus \bigcup_{u=0}^{2^{n-r_2}-1} \big(D^1_u(L) \cup D^2_u(L)\big)$. Then the sets $A(L)$, $A(L) + E_i$ ($E_i \in D_1(L)$), and $A(L) + E_{i,j}$ ($E_{i,j} \in D(L)$) are disjoint. Furthermore,
$$|A_2(L)| = \Big(\binom{2^{n-r_1+1}}{2} - 2^{n-r_2}\big(2^{2r_2-2r_1} - 1\big) + 2^{n-r_1+1} + 1\Big) 2^{L-1}.$$
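The following is an added example, not part of the slides or the paper: a brute-force check of Propositions 1 to 3 and of Theorems 2, 4 and 7 for $n = 3$ and $n = 4$, where all $2^{2^n}$ sequences can be enumerated and $L_k(S)$ can be found by literally trying every error pattern, as in the attacker description on slide 4. It uses the Games-Chan algorithm for $L(S)$ (a choice made here; the slides name Berlekamp-Massey), and the parameters $n = 3$, $n = 4$, $L = 9$ and $r_1 = r_2 = 2$ are chosen for this example, not taken from the original.

```python
# Added example, not from the slides: brute-force checks of Propositions 1-3
# and Theorems 2, 4 and 7 for small n. A period of length T = 2^n is encoded
# as the int whose bit i is s_i, so adding an error pattern E is an XOR.
# All parameters below (n = 3, n = 4, L = 9, r1 = r2 = 2) are chosen here.
from itertools import combinations
from math import comb

def games_chan(period):
    """L(S) for a 2^n-periodic binary sequence, given one period as a list of
    2^n bits, by the Games-Chan algorithm."""
    a, L = list(period), 0
    while len(a) > 1:
        h = len(a) // 2
        left, right = a[:h], a[h:]
        if left == right:
            a = left                              # S already has period h
        else:
            L += h                                # L(S) = h + L(left + right)
            a = [x ^ y for x, y in zip(left, right)]
    return L + a[0]

def lc_table(n):
    """L(S) of every 2^n-periodic sequence, indexed by its int encoding."""
    T = 1 << n
    return [games_chan([(s >> i) & 1 for i in range(T)]) for s in range(1 << T)]

def error_masks(n, k):
    """Int encodings of all error patterns of Hamming weight <= k, i.e. the
    union {0} ∪ E_1 ∪ ... ∪ E_k in the notation of the slides."""
    T = 1 << n
    return [sum(1 << p for p in pos)
            for w in range(k + 1) for pos in combinations(range(T), w)]

def k_error_lc(s, lc, masks):
    """L_k(S): least L(S + E) over all patterns E of weight <= k."""
    return min(lc[s ^ e] for e in masks)

def min_error(s, lc, n):
    """merr(S): least weight of an E with L(S + E) < L(S), found by exhaustive
    search in increasing weight (Proposition 1 predicts 2^{w_H(2^n - L(S))})."""
    T = 1 << n
    for w in range(1, T + 1):
        for pos in combinations(range(T), w):
            if lc[s ^ sum(1 << p for p in pos)] < lc[s]:
                return w
    return None                                   # only the zero sequence gets here

def theorem2_union_count(n, L, lc, masks2):
    """|A(L) ∪ ⋃_{E ∈ E_1 ∪ E_2} (A(L) + E)|, the right-hand side of Theorem 2,
    computed literally as a set union (cheap even for n = 4)."""
    A_L = [s for s in range(1 << (1 << n)) if lc[s] == L]
    return len({s ^ e for s in A_L for e in masks2})

def theorem4_count(n, L):
    """Closed form of |A_2(L)| from Theorem 4 (valid for w_H(2^n - L) >= 3, L < 2^(n-2))."""
    return (comb(1 << n, 2) + (1 << n) + 1) * 2 ** (L - 1)

def theorem7_count(n, L, r1, r2):
    """Closed form of |A_2(L)| from Theorem 7 for the (r1, r2) that L falls into."""
    return (comb(2 ** (n - r1 + 1), 2) - 2 ** (n - r2) * (2 ** (2 * r2 - 2 * r1) - 1)
            + 2 ** (n - r1 + 1) + 1) * 2 ** (L - 1)

def verify_small_case(n):
    """Enumerate all 2^(2^n) sequences for one small n (n = 3 is instant) and
    check Propositions 1-3; returns the findings for inspection."""
    T = 1 << n
    lc = lc_table(n)
    masks1, masks2 = error_masks(n, 1), error_masks(n, 2)
    L1 = [k_error_lc(s, lc, masks1) for s in range(1 << T)]
    L2 = [k_error_lc(s, lc, masks2) for s in range(1 << T)]
    sizes_A2 = [L2.count(L) for L in range(T + 1)]   # |A_2(L)| by brute force
    return {
        "lc": lc, "masks2": masks2, "A2": sizes_A2,
        # Proposition 1 for every nonzero sequence
        "prop1": all(min_error(s, lc, n) == 2 ** bin(T - lc[s]).count("1")
                     for s in range(1, 1 << T)),
        # Proposition 2: L(S) = 2^n implies L_2(S) = L_1(S) < 2^n
        "prop2": all(L2[s] == L1[s] < T for s in range(1 << T) if lc[s] == T),
        # Proposition 3: no sequence has L_2(S) = 2^n - 2^t
        "prop3": all(sizes_A2[T - 2 ** t] == 0 for t in range(n)),
    }

if __name__ == "__main__":
    r = verify_small_case(3)
    print("n=3 props 1-3:", r["prop1"], r["prop2"], r["prop3"], "|A_2(L)| =", r["A2"])
    lc4, m4 = lc_table(4), error_masks(4, 2)
    for L in (1, 2, 3):                           # Theorem 4 range for n = 4
        print("n=4 L=%d:" % L, theorem2_union_count(4, L, lc4, m4), theorem4_count(4, L))
    # L = 9: 16 - (4 + 4) < 9 < 16 - (4 + 2), so r1 = r2 = 2 in Theorem 7
    print("n=4 L=9:", theorem2_union_count(4, 9, lc4, m4), theorem7_count(4, 9, 2, 2))
```

For $n = 3$ the brute-force table gives $|A_2(0)| = |A_2(1)| = 37$ and empty $A_2(4)$, $A_2(6)$, $A_2(7)$, $A_2(8)$, as Propositions 2 and 3 require; for $n = 4$ the union from Theorem 2 has $137$, $274$ and $548$ elements for $L = 1, 2, 3$ (Theorem 4) and $9472 = 37 \cdot 2^8$ elements for $L = 9$, which is what Theorem 7 predicts with $r_1 = r_2 = 2$: one copy of $A(9)$, $|D_1(L)| = 8$ shifted copies and $|D(L)| = 28$ further copies, all of size $2^{L-1} = 256$. The union count only matches the closed form because those copies are disjoint, which is the content of the theorem.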
Slide 14. Final Remarks
1. The results for $k = 3$ are stated in the proceedings.
2. We also obtained results when $w_H(2^n - L) = 2$ with some further analysis.
3. A similar approach can be used for $p^n$-periodic sequences over $\mathbb{F}_p$.
4. Results for arbitrary periods or for periods of other forms are desirable.
More informationCRC Press has granted the following specific permissions for the electronic version of this book:
This is a Chapter from the Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996. For further information, see www.cacr.math.uwaterloo.ca/hac CRC Press has
More informationMathematical Induction
Mathematical Induction MAT231 Transition to Higher Mathematics Fall 2014 MAT231 (Transition to Higher Math) Mathematical Induction Fall 2014 1 / 21 Outline 1 Mathematical Induction 2 Strong Mathematical
More informationQuasigroups and stream cipher Edon80
Department of Algebra, Charles University in Prague June 3, 2010 Stream cipher Edon80 Edon80 is a binary additive stream cipher Input stream m i ( c i ) K Edon80 KEYSTREAM GENERATOR k i Output stream c
More informationLecture 24: MAC for Arbitrary Length Messages. MAC Long Messages
Lecture 24: MAC for Arbitrary Length Messages Recall Previous lecture, we constructed MACs for fixed length messages The GGM Pseudo-random Function (PRF) Construction Given. Pseudo-random Generator (PRG)
More informationNew Methods for Cryptanalysis of Stream Ciphers. The Selmer Centre Department of Informatics University of Bergen Norway
New Methods for Cryptanalysis of Stream Ciphers Håvard Molland The Selmer Centre Department of Informatics University of Bergen Norway 18th May 2005 Acknowledgments I would like to express my gratitude
More informationOutline. MSRI-UP 2009 Coding Theory Seminar, Week 2. The definition. Link to polynomials
Outline MSRI-UP 2009 Coding Theory Seminar, Week 2 John B. Little Department of Mathematics and Computer Science College of the Holy Cross Cyclic Codes Polynomial Algebra More on cyclic codes Finite fields
More informationIntroduction to finite fields
Chapter 7 Introduction to finite fields This chapter provides an introduction to several kinds of abstract algebraic structures, particularly groups, fields, and polynomials. Our primary interest is in
More informationPRIMITIVE RECURSIVE VECTOR SEQUENCES, POLYNOMIAL SYSTEMS AND DETERMINANTAL CODES OVER FINITE FIELDS. Doctor of Philosophy.
PRIMITIVE RECURSIVE VECTOR SEQUENCES, POLYNOMIAL SYSTEMS AND DETERMINANTAL CODES OVER FINITE FIELDS A Thesis Submitted in Partial Fulfillment of the Requirements For the Degree of Doctor of Philosophy
More informationPublic-Key Cryptosystems CHAPTER 4
Public-Key Cryptosystems CHAPTER 4 Introduction How to distribute the cryptographic keys? Naïve Solution Naïve Solution Give every user P i a separate random key K ij to communicate with every P j. Disadvantage:
More informationPREDICTING MASKED LINEAR PSEUDORANDOM NUMBER GENERATORS OVER FINITE FIELDS
PREDICTING MASKED LINEAR PSEUDORANDOM NUMBER GENERATORS OVER FINITE FIELDS JAIME GUTIERREZ, ÁLVAR IBEAS, DOMINGO GÓMEZ-PEREZ, AND IGOR E. SHPARLINSKI Abstract. We study the security of the linear generator
More informationLattice Reduction Attack on the Knapsack
Lattice Reduction Attack on the Knapsack Mark Stamp 1 Merkle Hellman Knapsack Every private in the French army carries a Field Marshal wand in his knapsack. Napoleon Bonaparte The Merkle Hellman knapsack
More informationALGEBRAIC SHIFT REGISTER SEQUENCES
ALGEBRAIC SHIFT REGISTER SEQUENCES Pseudo-random sequences are essential ingredients of every modern digital communication system including cellular telephones, GPS, secure internet transactions, and satellite
More informationOn the pseudo-random generator ISAAC
On the pseudo-random generator ISAAC Jean-Philippe Aumasson FHNW, 5210 Windisch, Switzerland Abstract. This paper presents some properties of he deterministic random bit generator ISAAC (FSE 96), contradicting
More informationSome Basic Notations Of Set Theory
Some Basic Notations Of Set Theory References There are some good books about set theory; we write them down. We wish the reader can get more. 1. Set Theory and Related Topics by Seymour Lipschutz. 2.
More informationWhat is Binary? Digital Systems and Information Representation. An Example. Physical Representation. Boolean Algebra
What is Binary? Digital Systems and Information Representation CSE 102 Underlying base signals are two valued: 0 or 1 true or false (T or F) high or low (H or L) One bit is the smallest unambiguous unit
More informationECEN 5682 Theory and Practice of Error Control Codes
ECEN 5682 Theory and Practice of Error Control Codes Introduction to Algebra University of Colorado Spring 2007 Motivation and For convolutional codes it was convenient to express the datawords and the
More informationQuadratic forms. Here. Thus symmetric matrices are diagonalizable, and the diagonalization can be performed by means of an orthogonal matrix.
Quadratic forms 1. Symmetric matrices An n n matrix (a ij ) n ij=1 with entries on R is called symmetric if A T, that is, if a ij = a ji for all 1 i, j n. We denote by S n (R) the set of all n n symmetric
More information2012 IEEE International Symposium on Information Theory Proceedings
Decoding of Cyclic Codes over Symbol-Pair Read Channels Eitan Yaakobi, Jehoshua Bruck, and Paul H Siegel Electrical Engineering Department, California Institute of Technology, Pasadena, CA 9115, USA Electrical
More informationImproved Fast Correlation Attacks Using Parity-Check Equations of Weight 4 and 5
Improved Fast Correlation Attacks Using Parity-Check Equations of Weight 4 and 5 Anne Canteaut 1 and Michaël Trabbia 1,2 1 INRIA projet CODES B.P. 105 78153 Le Chesnay Cedex - France Anne.Canteaut@inria.fr
More informationBlock vs. Stream cipher
Block vs. Stream cipher Idea of a block cipher: partition the text into relatively large (e.g. 128 bits) blocks and encode each block separately. The encoding of each block generally depends on at most
More informationDecoding Reed-Muller codes over product sets
Rutgers University May 30, 2016 Overview Error-correcting codes 1 Error-correcting codes Motivation 2 Reed-Solomon codes Reed-Muller codes 3 Error-correcting codes Motivation Goal: Send a message Don t
More informationNew Implementations of the WG Stream Cipher
New Implementations of the WG Stream Cipher Hayssam El-Razouk, Arash Reyhani-Masoleh, and Guang Gong Abstract This paper presents two new hardware designs of the WG-28 cipher, one for the multiple output
More information