Attacking the Filter Generator by Finding Zero Inputs of the Filtering Function

  • Frédéric Didier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4859)


The filter generator is an important building block in many stream ciphers. We present here an attack that recovers the initial state of the hidden LFSR by detecting the positions where the inputs of the filtering function are equal to zero. This attack requires the precomputation of low weight multiples of the LFSR generating polynomial. By a careful analysis, we show that the attack complexity is among the best known and work for almost all cryptographic filtering functions.


Stream cipher filter generator Boolean functions low weight multiples autocorrelation 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BS00]
    Biryukov, A., Shamir, A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, Springer, Heidelberg (2000)CrossRefGoogle Scholar
  2. [CF02]
    Canteaut, A., Filiol, E.: On the influence of the filtering function on the performance of fast correlation attacks on filter generators. In: 23rd Symposium on Information Theory in the Benelux, Louvain-la-Neuve, Belgium (May 2002)Google Scholar
  3. [CJM02]
    Chose, P., Joux, A., Mitton, M.: Fast correlation attacks: an algorithmic point of view. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 209–221. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  4. [CM03]
    Courtois, N., Meier, W.: Algebraic attacks on stream ciphers with linear feedback. In: Biham, E. (ed.) EUROCRPYT 2003. LNCS, vol. 2656, pp. 346–359. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. [Cou03]
    Courtois, N.: Fast algebraic attacks on stream ciphers with linear feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003)Google Scholar
  6. [CT00]
    Canteaut, A., Trabbia, M.: Improved fast correlation attacks using parity-check equations of weight 4 and 5. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 573–588. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. [EJ04]
    Englund, H., Johansson, T.: A new simple technique to attack filter generators and related ciphers. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 39–53. Springer, Heidelberg (2004)Google Scholar
  8. [GCD00]
    Golic, J.D., Clark, A., Dawson, Ed.: Generalized inversion attack on nonlinear filter generators. IEEE Trans. Comput. 49(10), 1100–1109 (2000)CrossRefGoogle Scholar
  9. [GH05]
    Golic, J.D., Hawkes, P.: Vectorial approach to fast correlation attacks. Des. Codes Cryptography 35(1), 5–19 (2005)CrossRefMathSciNetGoogle Scholar
  10. [Gol96]
    Golic, J.D.: On the security of nonlinear filter generators. In: Proceedings of the Third International Workshop on Fast Software Encryption, pp. 173–188. Springer, London (1996)Google Scholar
  11. [JJ00]
    Johansson, T., Jöhansson, F.: Fast correlation attacks through reconstruction of linear polynomials. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 300–315. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. [JJ02]
    Jönsson, F., Johansson, T.: A fast correlation attack on LILI-128. Information Processing Letters 81(3), 127–132 (2002)zbMATHCrossRefMathSciNetGoogle Scholar
  13. [LCPP96]
    Lee, S., Chee, S., Park, S.-J., Park, S.-M.: Conditional correlation attack on nonlinear filter generators. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 360–367. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  14. [Lev04a]
    Leveiller, S.: A new algorithm for cryptanalysis of filtered lfsrs: the “probability-matching” algorithm. ISIT 1978, 234 (2004)Google Scholar
  15. [Lev04b]
    Leveiller, S.: Quelques algorithmes de cryptanalyse du registre filtré. PhD thesis, Télécom Paris, ENST (November 2004)Google Scholar
  16. [LZGB03]
    Leveiller, S., Zémor, G., Guillot, P., Boutros, J.: A new cryptanalytic attack for PN-generators filtered by a boolean function. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 232–249. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. [MFI01]
    Mihaljevic, M.J., Fossorier, M.P.C., Imai, H.: A low-complexity and high-performance algorithm for the fast correlation attack. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 45–60. Springer, Heidelberg (2001)Google Scholar
  18. [MFI05]
    Mihaljevic, M., Fossorier, M.P., Imai, H.: Cryptanalysis of keystream generator by decimated sample based algebraic and fast correlation attacks. In: Maitra, S., Madhavan, C.E.V., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 155–168. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. [MFI06]
    Mihaljevic, M., Fossorier, M.P.C., Imai, H.: A general formulation of algebraic and fast correlation attacks based on dedicated sample decimation. In: Fossorier, M.P.C., Imai, H., Lin, S., Poli, A. (eds.) AAECC 2006. LNCS, vol. 3857, pp. 203–214. Springer, Heidelberg (2006)Google Scholar
  20. [MS88]
    Meier, W., Staffelbach, O.: Fast correlation attacks on stream ciphers. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 301–314. Springer, Heidelberg (1988)Google Scholar
  21. [RH07]
    Rønjom, S., Helleseth, T.: A new attack on the filter generator. In IEEE IT (to appear, 2007)Google Scholar
  22. [Sie85]
    Siegenthaler, T.: Decrypting a class of stream ciphers using ciphertext only. IEEE Trans. Computers 34(1), 81–85 (1985)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Frédéric Didier
    • 1
  1. 1.Projet CODES, INRIA Rocquencourt, Domaine de Voluceau, 78153 Le Chesnay cedex 

Personalised recommendations