Security Analysis of the Generalized Self-shrinking Generator
- 720 Downloads
In this paper, we analyze the generalized self-shrinking generator newly proposed in . Some properties of this generator are described and an equivalent definition is derived, after which two attacks are developed to evaluate its security. The first attack is an improved clock-guessing attack using short keystream with the filter function (vector G) known. The complexity of this attack is O(20.694n), where n is the length of the LFSR used in the generator. This attack shows that the generalized self-shrinking generator can not be more secure than the self-shrinking generator, although much more computations may be required by it. Our second attack is a fast correlation attack with the filter function (vector G) unknown. We can restore both the initial state of the LFSR with arbitrary weight feedback polynomial and the filter function (vector G) with complexity much lower than the exhaustive search. For example, for a generator with 61-stage LFSR, given a keystream segment of 217.1 bits, the complexity is around 256, which is much lower than 2122, the complexity of the exhaustive search.
KeywordsStream cipher Self-shrinking generator Clock control Fast correlation attack Linear feedback shift register
Unable to display preview. Download preview PDF.
- 5.Coppersmith, D., Krawczyk, H., Mansour, Y.: The Shrinking Generator. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 22–39. Springer, Heidelberg (1994)Google Scholar
- 9.Krawczyk, H.: The shrinking generator: Some practical considerations. In: Anderson, R. (ed.) FSE 1993. LNCS, vol. 809, pp. 45–46. Springer, Heidelberg (1994)Google Scholar