Improved Cryptanalysis of the Self-Shrinking Generator

  • Erik Zenner
  • Matthias Krause
  • Stefan Lucks
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2119)


We propose a new attack on the self-shrinking generator [8]. The attack is based on a backtracking algorithm and will reconstruct the key from a short sequence of known keystream bits. We give both mathematical and empirical evidence for the effectiveness of this attack. The algorithm takes at most O(20.694L) steps, where L is the key length. Thus, our attack is more efficient than previously known key reconstruction algorithms against the self-shrinking generator that operate on short keystream sequences.


Search Tree Stream Cipher Independent Equation Linear Feedback Shift Register Left Child 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    S.R. Blackburn. The linear complexity of the self-shrinking generator. IEEE Transactions on Information Theory, 45(6):2073–2077, September 1999.Google Scholar
  2. [2]
    D. Coppersmith, H. Krawczyk, and Y. Mansour. The shrinking generator. In D.R. Stinson, editor, Advances in Cryptology-EUROCRYPT’ 93, volume 773 of LNCS, pages 22–39, Berlin, 1993. Springer-Verlag.CrossRefGoogle Scholar
  3. [3]
    J.D. Golić. Cryptanalysis of alleged A5 stream cipher. In W. Fumy, editor, Advances in Cryptology-EUROCRYPT’ 97, volume 1233 of LNCS, pages 239–255, Berlin, 1997. Springer-Verlag.Google Scholar
  4. [4]
    J.D. Golić and L. O’Connor. Embedding and probabilistic attacks on clock-controlled shift registers. In A. De Santis, editor, Advances in Cryptology-EUROCRYPT’ 94, volume 950 of LNCS, pages 230–243, Berlin, 1995. Springer-Verlag.CrossRefGoogle Scholar
  5. [5]
    S.W. Golomb. Shift Register Sequences. Aegean Park Press, Laguna Hills (CA), revised edition, 1982.Google Scholar
  6. [6]
    H. Krawczyk. The shrinking generator: Some practical considerations. In R. Andersen, editor, Fast Software Encryption’ 93, volume 809 of LNCS, pages 45–46, Berlin, 1994. Springer-Verlag.Google Scholar
  7. [7]
    J.L. Massey. Shift register synthesis and BCH decoding. IEEE Transactions on Information Theory, 15:122–127, 1969.zbMATHCrossRefMathSciNetGoogle Scholar
  8. [8]
    W. Meier and O. Staffelbach. The self-shrinking generator. In A. De Santis, editor, Advances in Cryptology-EUROCRYPT’ 94, volume 950 of LNCS, pages 205–214, Berlin, 1995. Springer-Verlag.CrossRefGoogle Scholar
  9. [9]
    M.J. Mihaljević. A faster cryptanalysis of the self-shrinking generator. In J. Pieprzyk and J. Seberry, editors, Advances in Cryptology-ACISP’ 96, volume 1172 of LNCS, pages 182–189, Berlin, 1996. Springer-Verlag.Google Scholar
  10. [10]
    I. Shparlinski. On some properties of the shrinking generator.
  11. [11]
    L. Simpson, J.D. Golić, and E. Dawson. A probabilistic correlation attack on the shrinking generator. In C. Boyd and E. Dawson, editors, Advances in Cryptology-ACISP’ 98, volume 1438 of LNCS, pages 147–158, Berlin, 1998. Springer-Verlag.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Erik Zenner
    • 1
  • Matthias Krause
    • 1
  • Stefan Lucks
    • 1
  1. 1.Theoretische InformatikUniversity of MannheimGermany

Personalised recommendations