Breaking Modified Bruer Generator by Solving the System of Linear Equations of the Generated Sequence

Similar documents
Maximum Correlation Analysis of Nonlinear S-boxes in Stream Ciphers

Linear Algebra I Lecture 8

Pseudo-Random Number Generators

Implementing A New Serial Control As Nonlinear Function for Key Stream Pseudo-Random Number Generator

Lecture 10-11: General attacks on LFSR based stream ciphers

STREAM CIPHER. Chapter - 3

Design of Pseudo-Random Spreading Sequences for CDMA Systems

Sequences, DFT and Resistance against Fast Algebraic Attacks

Optimizing the placement of tap positions. joint work with Enes Pasalic, Samed Bajrić and Yongzhuang Wei

IEOR SEMINAR SERIES Cryptanalysis: Fast Correlation Attacks on LFSR-based Stream Ciphers

Modified Alternating Step Generators

Study of the Performance of Batch Reactive Distillation Column

Appendix A. Pseudo-random Sequence (Number) Generators

Cryptanalysis of Achterbahn

L9: Galois Fields. Reading material

Cryptographic D-morphic Analysis and Fast Implementations of Composited De Bruijn Sequences

1 Introduction. 2 Calculation of the output signal

On The Nonlinearity of Maximum-length NFSR Feedbacks

Transform Domain Analysis of DES. Guang Gong and Solomon W. Golomb. University of Southern California. Tels and

Maximum Length Linear Feedback Shift Registers

A GENERAL FRAMEWORK FOR GUESS-AND-DETERMINE AND TIME-MEMORY-DATA TRADE-OFF ATTACKS ON STREAM CIPHERS

النمذجة العذدية للجريان المضطرب في قناة مفتوحة متوسعة المقطع

Design of Filter Functions for Key Stream Generators using Boolean Power Functions Jong-Min Baek

FAST! Tajweed Intensive Workshop! Rules of Noon Sakinah & Tanween Part 1

Linear Feedback Shift Registers

Improvements to Correlation Attacks Against Stream. Ciphers with Nonlinear Combiners. Brian Stottler Elizabethtown College

GENERATION OF PRIMITIVE BINARY POLYNOMIALS

Smart Hill Climbing Finds Better Boolean Functions

Combinatorics of p-ary Bent Functions

Some long-period random number generators using shifts and xors

All living things, big and small, are known as organisms.

4.3 General attacks on LFSR based stream ciphers

Analysis of Modern Stream Ciphers

Implementation of the RSA algorithm and its cryptanalysis. Abstract. Introduction

Minimax Estimation Of The Parameter Of The Maxwell Distribution Under Quadratic Loss Function

Counting Two-State Transition-Tour Sequences

Cross-Validation of Elevation Data Interpolation

Algebraic Immunity of S-boxes and Augmented Functions

Block vs. Stream cipher

Simulation study of using shift registers based on 16 th Degree Primitive Polynomials

Affine equivalence in the AES round function

Minimal polynomials of the modified de Bruijn sequences

A SHORT SURVEY OF P-ARY PSEUDO-RANDOM SEQUENCES. Zhaneta Tasheva

Haar Spectrum of Bent Boolean Functions

Searching for Nonlinear Feedback Shift Registers with Parallel Computing

SOLUTION OF SECOND ORDER PARTIAL DIFFERENTIAL EQUATIONS WITH VARIABLE COEFFICIENTS

Thesis Research Notes

Fast correlation attacks on certain stream ciphers

Nonlinear Evolution Equations and Inverse Scattering. Abd-Alrahman Mahmoud Shehada Jabr

Generalized Correlation Analysis of Vectorial Boolean Functions

New Implementations of the WG Stream Cipher

Algebraic attack on stream ciphers Master s Thesis

Nonlinear Equivalence of Stream Ciphers

Abstract. The study reached some important recommendations, such as:

Linear Cellular Automata as Discrete Models for Generating Cryptographic Sequences

Stream Ciphers: Cryptanalytic Techniques

Noon Sakinah and Tanween. Chapter 5

Farooq s Oratory Speechen A stylistic Study :

Correcting Codes in Cryptography

Grade 2 Term 3 Portion Paper

The LILI-128 Keystream Generator

Constructing a Ternary FCSR with a Given Connection Integer

Self-shrinking Bit Generation Algorithm Based on Feedback with Carry Shift Register

Classical Cryptography

Maiorana-McFarland class: Degree optimization and algebraic properties

Construction and Count of Boolean Functions of an Odd Number of Variables with Maximum Algebraic Immunity

A Weak Cipher that Generates the Symmetric Group

a fast correlation attack implementation

On the Primitivity of some Trinomials over Finite Fields

On the computation of best second order approximations of Boolean Functions ΕΤΗΣΙΑ ΕΚΘΕΣΗ 2010

۲۷۹۶ 0 "' ی " #! ۴۳ و م د ; < : ی"98! ی"#"!

LILI Keystream Generator

Linear Approximations for 2-round Trivium

FResCA: A Fault-Resistant Cellular Automata Based Stream Cipher

UNPREDICTABLE BINARY STRINGS

Lecture 6: Introducing Complexity

A Scalable Method for Constructing Galois NLFSRs with Period 2 n 1 using Cross-Join Pairs

Can You Hear Me Now?

Cryptographically Robust Large Boolean Functions. Debdeep Mukhopadhyay CSE, IIT Kharagpur

Periodicity and Distribution Properties of Combined FCSR Sequences

Filtering Nonlinear Feedback Shift Registers using Welch-Gong Transformations for Securing RFID Applications

Computing the biases of parity-check relations

Further improving security of Vector Stream Cipher

Functions on Finite Fields, Boolean Functions, and S-Boxes

On Stream Ciphers with Small State

Trace Representation of Legendre Sequences

Division of Trinomials by Pentanomials and Orthogonal Arrays

Fast Algebraic Immunity of 2 m + 2 & 2 m + 3 variables Majority Function

Topics. Pseudo-Random Generators. Pseudo-Random Numbers. Truly Random Numbers

CHAPMAN & HALL/CRC CRYPTOGRAPHY AND NETWORK SECURITY ALGORITHMIC CR YPTAN ALY51S. Ant nine J aux

CRC Press has granted the following specific permissions for the electronic version of this book:

A Block Cipher using an Iterative Method involving a Permutation

Some long-period random number generators using shifts and xors

Linear Cellular Automata as Discrete Models for Generating Cryptographic Sequences

Improved Cascaded Stream Ciphers Using Feedback

GENERATING TERNARY SIMPLEX CODES ARISING FROM COMPLEX HADAMARD MATRICES

Solution of Linear Electrical Circuit Problem using Differential Transformation Method

Differential Equations and Linear Algebra Supplementary Notes. Simon J.A. Malham. Department of Mathematics, Heriot-Watt University

Some long-period random number generators using shifts and xors

Periodicity, Complementarity and Complexity of 2-adic FCSR Combiner Generators

Transcription:

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 Breaking Modified Bruer Generator by Solving the System of Linear Equations of the Generated Sequence Falih Hassan Awaid Email: falih_hassen@yahoo.com Al-Rafidain College University- Software Engineering Dept. Abstract: Linear Feedback Shift Register (LFSR) systems are used widely in stream cipher systems field. Golomb used the recurrence relation to find the next state values of single LFSR depending on initial values, s.t. he can be considered the first who can construct a linear equations system of a single LFSR. Attacking of key generator means attempt to find the initial values of the combined LFSR's. In this paper, a Golomb's method introduced to construct a linear equations system of a single LFSR. This method developed to construct a linear equations system of key generator (a LFSR system) where the effect of combining function of LFSR is obvious. Finally, before solving the linear equations system, the uniqueness of the solution must be tested, then solving the linear equations system using one of the classical methods like Gauss Elimination. Find Journal of Al Rafidain University College 48 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 the solution of linear equations system means find the initial values of the generator. One of the known generators; Modified Bruer generator, treated as a practical example of this work. Keywords: Linear Feedback Shift Register (LFSR), System of Linear Equations (SLE), Gauss Elimination Method, Bruer generator.. Introduction The LFSR System (LFSRS) consists of two main basic units, the feedback function and initial state values []. The second one is, the Combining Function (CF), which is a Boolean function [2]. Most of all Stream Cipher System's are depending on these two basic units. Figure () shows a simple diagram of LFSRS consists of n LFSR's. LFSR LFSR 2 CF S LFSR n Figure () A system of n_lfsr s. This paper aims to find the initial values of every LFSR in the system depending on the following information:. The length of every LFSR and its feedback function are known. 2. The CF is known. Journal of Al Rafidain University College 49 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 3. The output sequence S (keystream) generated from the LFSRS is known, or part of it, practically, that means, a probable word attack be applied []. This work consists of three stages, constructing system of linear equations, testing the existence and the uniqueness of the solution of this system, and lastly, solving the system of linear equations. 2. Constructing a System of Linear Equations for Single LFSR Before involving in solving the System Linear Equations (SLE), it should show how could be the SLE of a single LFSR constructed, since its considered a basic unit of LFSRS. Let s assume that all LFSR that are used are maximum LFSR, that means, Period (P)=2 r -, where r is LFSR length. Let SR r be a single LFSR with length r, let A =(a -,a -2,,a -r ) be the initial value vector of SR r, s.t. a -j, jr, be the component j of the vector A, in another word, a -j is the initial bit of stage j of SR r, let C T =(c,,c r ) be the feedback vector, c j {,}, if c j = that means the stage j is connected. Let S= m s i be the sequence (or i S=(s,s,,s m- ) read S vector ) with length m generated from SR r. The generating of S depending on the following equation [3]: s i =a i = a i jc r j j i=,, Equation () represents the linear recurrence relation. The objective is finding the A, when r, C and S are known. () Let M be a rr matrix called the generating matrix or characteristic matrix, which is describes the initial phase of SR r, where the st column is the vector C and the rest columns are the Identity matrix I without the last column. M=(C I rr- ), where M =I. Let A represents the new initial state of SR r after one shift, s.t. Journal of Al Rafidain University College 5 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 c c 2 A =A M=(a -,a -2,,a -r ) c r In general, ( r j a j c j,a -,,a -r ). A i =A i- M, i=,2, ( 2) A i represents the initial state of SR r after i shifts. Equation (2) can be considered as a recurrence relation, so we have: A i =A i- M=A i-2 M 2 = =A M i (3) The matrix M i represents the i phase of SR r, equations (2,3) can be considered as a Markov Process s.t., A, is the initial probability distribution, A i represents probability distribution and M be the transition matrix [4]. notice that: M 2 =[C C I rr-2 ] and so on until get M i =[C i- C I rr-i ], where i<r. When C P =C then M P+ =M. Now let s calculate C i [5] s.t. C i =MC i-, i=,2, Where C i is the feedback vector after i shifts. Equation () can be rewritten as: A C i =s i, i=,,..,r- (4) (5) When i= then A C =s is the st equation of the SLE, i= then A C =s is the 2 nd equation of the SLE, and i=r- then A C r- =s r- is the r th equation of the SLE. In general: A С=S (6) Journal of Al Rafidain University College 5 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 Journal of Al Rafidain University College 52 ISSN (68 687) С represents the matrix of all C i vectors s.t. С=(C C C r- ) (7) The SLE can be formulated as: Y=[ С T S T ] (8) Y represents the extended matrix of the SLE. Example () Let the SR 4 has C T =(,,,) and S=(,,,), by using equation (4), we get: C =MC =, in the same way, C 2 =,C 3 = From equation (6) we have: A =(,,,), this system can be written as equations: s.t. A is the initial state vector of SR r, a -3 +a -4 = a -2 +a -3 = a - +a -2 = a - +a -3 +a -4 =

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 (for simplicity we can omitted the sign (-)). Then the SLE after using formula (8) is: Y= (9) 3. Modified Bruer Generator 3. Modified Bruer Generator Description Bruer system as usual consists from odd LFSR s [5]. In this paper, 5 LFSR's are chosen, where the CF of this generator is: F 5 (x,x 2,x 3,x 4,x 5 )=x x 2 x 3 +x x 2 x 4 +x x 2 x 5 +x x 3 x 4 +x x 4 x 5 +x 2 x 3 x 4 +x 2 x 3 x 5 +x x 2 x 3 +x 2 x 4 x 5 +x 3 x 4 x 5 +x x 2 x 3 x 4 +x x 2 x 3 x 5 +x x 2 x 4 x 5 +x x 3 x 4 x 5 +x 2 x 3 x 4 x 5 () so this system is called modified. 3.2 Efficiency Criteria ) Periodicity The sequence S has period P(S) when s =s P(S),s =s P(S)+,, the period of LFSR i denotes by P(S i ), P(S) and P(S i ) are least possible positive integers, so P(S)=lcm(P(S ),P(S 2 ),,P(S n )) () The period P(S) of S, which product from key generator, depends on the LFSR unit only and there is no effect of CF unit. Journal of Al Rafidain University College 53 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 P(S) will has lower bound when r=r i in, and upper bound when P(S i ) are relatively prime with each other therefore: P(S r )P(S) P (S ). i n i The objective is that key generator must have an upper bound to: P(S) s.t.: n P(S)= P (S ) (2) i i It s known earlier that P(S i ) 2 ri, and if the LFSR i has maximum period then P(S i )= 2 ri [3]. Theorem () [6] n ri P(S)=( 2 ) if and only if the following conditions are holds: i. GCD n (P(S i ))=,. 2. the period of each LFSR has maximum period (P(S i )= 2 ri ). r For Modified Bruer generator P(S)= (2 i ). Example (2) if r i =2,3,,6 for i =,...,5, then: P(S)=l.c.m(3,7,5,3,63) =l.c.m(3.5.7.3, 3.5.7.3, 3.5.7.3,3.5.7.3, 3 2.5.7.3 ) = 3 max(,,2).5 max(,).7 max(,).3 max(,) = 3 2.5.7.3 =9765. 2) Randomness For our purposes, a sequence generator is pseudo-random if it has this property: It looks random. This means that it passes all the statistical tests of randomness that we can find []. 5 i Journal of Al Rafidain University College 54 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 Definition () []: A random bit generator is a device or algorithm which outputs a sequence of statistically independent and unbiased binary digits. The sequence that is satisfied the 3-randomness properties called PRS [3]. The randomness criterion depends on LFSR s and CF units, therefore from the important conditions to get Pseudo Random Sequence is that the sequence must be maximal and the CF of LFSR system must be balance. From the truth table of CF of modified Bruer, notice that the ratio of number of 's to the total output of the function = 32 (2 5 =32) is.5, this mean the number of 's = 6 and so as the number of 's, that's indicates that this generator can generates random sequence. The truth table of CF is shown in table (). Journal of Al Rafidain University College 55 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 Table () Truth table of CF of modified Bruer generator. x x 2 x 3 x 4 x 5 F 5.6875.6875.6875.6875.6875.5 Correlation Probability (CP i ) for each LFSR Ratio of "" Note: the shaded cells means the similarity between x i and the output of CF. Journal of Al Rafidain University College 56 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 3) Linear Complexity The Linear Complexity is defined as the length, of the shortest LFSR (which is equivalent LFSR) that can mimic the generator output. Any sequence generated by a finite-state machine over a finite field has a finite linear complexity [7]. Let's denotes the Linear Complexity for the generated sequence by LC(S), then it can by calculated by: LC(S)=r r 2 r 3 +r r 2 r 4 +r r 2 r 5 +r r 3 r 4 +r r 4 r 5 +r 2 r 3 r 4 +r 2 r 3 r 5 +r r 2 r 3 +r 2 r 4 r 5 +r 3 r 4 r 5 +r r 2 r 3 r 4 +r r 2 r 3 r 5 +r r 2 r 4 r 5 +r r 3 r 4 r 5 +r 2 r 3 r 4 r 5. Example (3) Let's use the same information mentioned in example (2), then: LC(S)=2*3*4+2*3*5+2*3*6+2*4*5+2*4*6+2*5*6+3*4*5+3*4*6 +3*5*6+4*5*6 =2*3*4*5+2*3*4*6+2*3*5*6+2*4*5*6+3*4*5*6=624 4) Correlation Immunity Correlation can be defined as the relation between the sequence of CF=F n from the key generator and the sequences that are combined each other by CF. This relation caused because of the non-linearity of the function F n. The correlation probability CP(x), in general, represents the ratio between the number of similar binaries of two sequences to the length of the compared part of them. F n has m th order CI, if the output z of F n is statistically independent from m output from m-sequences (x,x 2,...,x m ), of n combined sequences s.t. mn. Notes from table () (from the shaded cells) that the number of similarity between x i and the output of CF is 6 bits from the total number 32 bits i, then the correlation probability (CP i ) can be calculated as: CP i = 22/32 =.6875, for i =,2,,5. Let's denotes the Correlation Immunity for the generated sequence by CI(S), then it can by calculated by: CI(S) =, Journal of Al Rafidain University College 57 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 since the number of immune x i =. This indicates that this generator can be attacked by correlation attack or fast correlation attack [8]. 4. Constructing A SLE for modified Bruer Generator In general for any generator, let s have n of SR with length r j, c j c 2j j=,2,,n, and feedback vector C j =,and has unknown initial c rjj value vector A j =(a -j,,a -rjj ), so SR r has M j j =(C j I rj rj ) By using recurrence equation (4), rj C ij =M j C i-,j, i=,2, (3) by using equation (5): A j C ij =s ij, i=,,,r- and S j =(s j,s j,,s m-,j ). S j represents the output vector ofsr, which of course, is unknown too. m represents the number of variables produced from the LFSR s with consideration of CF, in the same time its represents the number of equations which are be needed to solve the SLE. Of course, there is n of SLE (one SLE for each rj SR with unknown absolute values). Now let's back to Modified Bruer system, let A be the extended vector for m variables, which consists of initial values from all LFSR s and С is the matrix of C i vectors considering the CF, C i represents the extended vector of all feedback vectors C ij, then A С=S. From CF the number of variables (m) are: rj m=r r 2 r 3 +r r 2 r 4 +r r 2 r 5 +r r 3 r 4 +r r 4 r 5 +r 2 r 3 r 4 +r 2 r 3 r 5 +r r 2 r 3 +r 2 r 4 r 5 +r 3 r 4 r 5 +r r 2 r 3 r 4 +r r 2 r 3 r 5 + r r 2 r 4 r 5 +r r 3 r 4 r 5 +r 2 r 3 r 4 r 5. Journal of Al Rafidain University College 58 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 The initial value is: A =A A 2 A 3 +A A 2 A 4 +A A 2 A 5 +A A 3 A 4 +A A 4 A 5 +A 2 A 3 A 4 +A 2 A 3 A 5 +A A 2 A 3 +A 2 A 4 A 5 +A 3 A 4 A 5 +A A 2 A 3 A 4 +A A 2 A 3 A 5 +A A 2 A 4 A 5 +A A 3 A 4 A 5 +A 2 A 3 A 4 A 5 = (x,x,,x m- ), s.t. x =a - a -2 a -3, x =a - a -2 a -23,,x m- = a 2a r 3a r 4 r 5 r a 2 3 4 5 (this arrangement is not standard so it can be changed according to the researcher requirements). For simplicity let's denote the unknowns of SR by 'a', SR 2 by 'b', and so on, let's denote the unknowns of SR 5 by 'e', and so on, therefore: x =a b c, x =a b c 2,,x m- = b r2 c r3 d r4 e r5 (4) In the same way, equation (4) can be applied on the feedback vector C ij : C i =C i C i2 C i3 +C i C i2 C i4 +C i C i2 C i5 +C i C i3 C i4 +C i C i4 C i5 +C i2 C i3 C i4 +C i2 C i3 C i5 +C i C i2 C i3 +C i2 C i4 C i5 +C i3 C i4 C i5 +C i C i2 C i3 C i4 +C i C i2 C i3 C i5 +C i C i2 C i4 C i5 +C i C i3 C i4 C i5 +C i2 C i3 C i4 C i5. And the sequence S will be: S=S S 2 S 3 +S S 2 S 4 +S S 2 S 5 +S S 3 S 4 +S S 4 S 5 +S 2 S 3 S 4 +S 2 S 3 S 5 +S S 2 S 3 +S 2 S 4 S 5 +S 3 S 4 S 5 +S S 2 S 3 S 4 +S S 2 S 3 S 5 +S S 2 S 4 S 5 +S S 3 S 4 S 5 +S 2 S 3 S 4 S 5 s.t. s i =s i s i2 s i3 +s i s i2 s i4 +s i s i2 s i5 +s i s i3 s i4 +s i s i4 s i5 +s i2 s i3 s i4 +s i2 s i3 s i5 +s i s i2 s i3 +s i2 s i4 s i5 +s i3 s i4 s i5 +s i s i2 s i3 s i4 +s i s i2 s i3 s i5 +s i s i2 s i4 s i5 +s i s i3 s i4 s i5 +s i2 s i3 s i4 s i5, where s i is the element i of S. So the SLE can be obtained by equation (6). Figure (2) shows the sequence S which is generated from modified Bruer Generator [5]. Journal of Al Rafidain University College 59 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 Journal of Al Rafidain University College 6 ISSN (68 687) Example (4) Let s have the following feedback vectors for 5 LFSR's with lengths 2,3,4,5 and 6: C =, C2 =, C 3 =, C 4 =, C 5 = then m=624. Let the output sequences be: S=(,,,,,,,,,,,,,,,,) C, =C 3, =C 6, =C 9, = =C 62, =C 623, =,C, =C 4, =C 7, =C, =... =C 68, =C 62, =, C2 =C 5 =C 8 =C, = =C 69, =C 622, =. LFSR LFSR2 LFSR3 LFSR4 LFSR5 Majority Function S Figure (2) modified Bruer generator [5].

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 Journal of Al Rafidain University College 6 ISSN (68 687) C,2 = =C 67,2 =,C,2 = =C 68,2 =,C 2,2 = =C 69,2 =,C 3,2 = =C 62,2 =, C 4,2 = =C 62,2 =,C 5,2 = =C 622,2 =, C 6,2 = =C 623,2 =. C,3 = =C 69,3 =,C,3 = =C 6,3 =,C 2,3 = =C 6,3 =,C 3,3 = =C 62,3 =, And so on until we get: C 2,3 =.=C 62,3 =, C 3,3 = =C 622,3 =,C 4,3 = =C 623,3 =. In the same process we get C i,4 and C i,5, for i=,2,,623. by applying equation (4), C T will be: C T =(,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,). Therefore, then the augmented (623 623) matrix Y will be:

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 Y =. (5). 5. Test The Uniqueness of The Solution of SLE Since the system of m variables, then there are 2 m - equations, but only m independent equations are needed to solve the system. If the system contains dependent equations, then the system has no unique solution. So first it should test the uniqueness of solution of the system by many ways like calculating the rank of the system matrix (r(с T )) or by finding the determinant of the matrix. If the rank equal the matrix degree (deg(с T )), then the system has unique solution, else (r(с T )< deg(с T )) the system has no unique solution. In order to calculate the r(с T ) it has to use the elementary operations to convert the С T matrix to a simplest matrix by making, as many as possible of, the matrix elements zero s. The elementary operations should be applied in the rows and columns of the matrix С T, if it converts to Identity matrix then r(с T )=deg(с T )=m, then we can judge that С T has unique solution [9]. Example (5) Let s have the matrix С T =, by using the elementary operations, the matrix can be converted to the matrix С T* =, Journal of Al Rafidain University College 62 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 this matrix has rank =4=deg(С T ) then the matrix has unique solution. For modified Bruer generator, we obtain that the SLE has unique solution, of course we have to chose 624 independent equations not all are in sequence order. 6. Solving The SLE After be sure that the SLE has unique solution, the SLE can be solved by using one of the most common classical methods, its Gauss Elimination method. This method chosen since it has lower complexity than other methods. As known, this method depending in two main stages, first, converting the matrix Y to up triangular matrix, and the second one, is finding the converse solution [8]. Example (6) shows the solving of a single SLE for one LFSR. Example (6) Let s use the matrix Y of equation (9), after applying the elementary operations, and then the up triangular matrix is: Y Now applying the backward solution to get the initial value vector: A =(,,,). The SLE of 5_LFSR s is more complicated than SLE of a single LFSR, specially, if the CF is high order (non-linear) function. First, it should solve the variables which are consists of multiplying more than one initial variable bits of the combined LFSR s. As an example of modified Bruer generator, its going to solve the variables d k, km-, then solving the initial values a -ij since x k is represented by multiplying three initial bits in terms, and four initial bits in 5 terms. In another word, every system has Journal of Al Rafidain University College 63 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 its own SLE system because of the CF, so it has own solving method. As an example to find the variables a -ij of modified Bruer generator, after solving the SLE we found that 9 variables (x k ) equal () from the whole number of variables, s.t.: x 23 =x 53 =x 89 =x 29 =x 77 =x 237 =x 297 =x 369 =x 459 =x 579 =x 699 =x 843 =x 23 =x 263 =x 623 =. From equation (4), we know that every x k is consists from product of three or four unknowns, where a i,b j,c k,d l,e n are initial values the five LFSR's contribute in modified Bruer generator s.t. i=,2,3,4,5. The SLE system Y which mentioned in example (4) will be solved in the next example. Example (7) x 23 =a 2 *b 3 *c 4 =, this means a 2 =b 3 =c 4 = and x 53 =a 2 *b 3 *d 5 = this means a 2 =b 3 =d 5 = and so on until we found all the initial values of all LFSR's contribute the modified Bruer generator. After applying the above process we get: A =(a,a 2 )=(a -,a -2 )=(,). A 2 =(b,b 2,b 3 )=(a -2,a -22,a -32 )=(,,). A 3 =(c,c 2,c 3,c 4 )=(a -3,a -23,a -33,a -43 )=(,,,). A 4 =(d,d 2,d 3,d 4,d 5 )=(a -4,a -24,a -34,a -44,a -54 )=(,,,,). A 5 =(e,e 2,e 3,e 4,e 5,e 6 )=(a -5,a -25,a -35,a -45,a -55,a -65 )=(,,,,,). 7. Conclusions ) If we change our attack from known plain attack to cipher attack only, which means, changing in the sequence S (non-pure absolute values), so we shall find a new technique to isolate the right equations in order to solve the SLE. 2) It is not hard to construct a SLE of any other LFSR systems; of course, we have to know all the necessary Journal of Al Rafidain University College 64 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 information (CF, the number of combined LFSR's and their lengths and tapping). 3) Notice that m is high (m=624) because of the nonlinearity of the combining function CF (majority function), and because of changing the non-linear variables to new variables, so we think that it can keep m as number of non-linear variables and solving the nonlinear system by using direct methods after applying the suitable modifying. Journal of Al Rafidain University College 65 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 References []. Schneier, B., Applied Cryptography (Protocol, Algorithms and Source Code in C. Second Edition, John Wiley & Sons Inc. 997. [2]. Whitesitt, J. E., Boolean Algebra and its Application, Addison-Wesley, Reading, Massachusetts, April, 25. [3]. Golomb, S.W., Shift Register Sequences San Francisco: Holden Day, 967, Reprinted by Aegean Park Press in 982. [4]. Papoulis, A. Probability Random Variables, and Stochastic Process, McGraw-Hill College, October, 25. [5]. Brüer, J. O., On Nonlinear Combinations of Linear Shift Register Sequences Internal Report LITH-ISY-- 572,983. [6]. Al-Shammari, A. G., Mathematical Modeling and Analysis Technique of Stream Cipher Cryptosystems, Ph. D. Thesis, University of Technology, Applied Sciences, 29. [7]. Massey, J. L., Cryptography and System Theory, Proceedings of the 24 th Allerton Conference on Communication, Control, and Computers, -3 Oct. 986. [8]. Siegenthaler, T., Correlation-Immunity of Nonlinear Combining Functions for Cryptographic Applications, IEEE Transactions on Information Theory, v. IT-3, n. 5, pp. 776-78, Sep. 984. [9]. Jennings, A. and Mckeown, Matrix Computation, John Wiley & Sons Inc., November, 23. Journal of Al Rafidain University College 66 ISSN (68 687)

Breaking Modified Bruer Generator Falih H. Awaid Issue No. 3/22 المستخلص كسر مولذ برور المحور من خالل حل نظام المعادالت الخطية الخاص بالمتابعة المخرجة له فالح حسن عويذ كهية انشافذي انجايؼة / قسى ذسة انبشايجيات نقذ اسحخذيث ا ظ ة ان سجم انضاحف انخطي ر انحغزية انحشاجؼية بشكم اسغ في يجال ا ظ ة انحشفيش اال سيابي اسحخذو ك ن يب انؼالقة انحكشاسية ال يجاد قيى انحانة انحانية ن سجم صاحف ي فشد باالػح اد ػه انقيى االبحذائية ن نزنك اػحبش ا ل ي أ شأ ظاو يؼادالت خطية ن سجم صاحف ي فشد ا ي اج ة ي نذ يفاجيح يؼ ي يحا نة ايجاد انقيى االبحذائية ن سجالج انضاحفة. في زا انبحث جى أ ال ػشض طشيقة ك ن يب إل شاء ظاو يؼادالت خطية ن سجم صاحف ي فشد ثا يا جى جط يش ز انطشيقة إل شاء ظاو يؼادالت خطية ن نذ يفاجيح )ي ظ ية يسجالت صاحفة ) انحي يظ ش في ا جهيا جأثيش انذانة ان شكبة أخيشا قبم انشش ع بحم رنك ان ظاو انخطي ػهي ا اخحباس ج فش حذا ية انحم ن زا ان ظاو ي ثى حم زا ان ظاو باسحخذاو احذ انطشق انحقهيذية ان ؼش فة يثم طشيقة كا ط نهحزف ا حم ظاو ان ؼادالت انخطية يؼ ي ايجاد انقيى االبحذائية نه سجالت انضاحفة ان شحشكة في ان نذ ا ي نذ بش س ان ح س ي ان نذات ان ؼش فة سيك ان شاد ي اج ح في زا انبحث. ان ثال انؼ هي Journal of Al Rafidain University College 67 ISSN (68 687)

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback