Mutually Clock-Controlled Feedback Shift Registers Provide Resistance to Algebraic Attacks.
ABSTRACT Algebraic attacks have been applied to several types of clock-controlled stream ciphers. However, to date there are no such
attacks in the literature on mutually clock-controlled ciphers. In this paper, we present a preliminary step in this direction
by giving the first algebraic analysis of mutually clock-controlled feedback shift register stream ciphers: the bilateral
stop-and-go generator, A5/1, Alpha 1 and the MICKEY cipher. We show that, if there are no regularly clocked shift registers
included in the system, mutually clock-controlled feedback shift register ciphers appear to be highly resistant to algebraic
attacks. As a demonstration of the weakness inherent in the presence of a regularly clocked shift register, we present a simple
algebraic attack on Alpha 1 based on only 29 keystream bits.
Article: Gaussian elimination is not optimal
ABSTRACT: 1. Below we will give an algorithm which computes the coefficients of the product of two square matrices A and B of order n from the coefficients of A and B with less than 4.7·n^(log 7) arithmetical operations (all logarithms in this paper are for base 2, thus log 7 ≈ 2.8; the usual method requires approximately 2n^3 arithmetical operations). The algorithm induces algorithms for inverting a matrix of order n, solving a system of n linear equations in n unknowns, computing a determinant of order n etc., all requiring less than const·n^(log 7) arithmetical operations. This fact should be compared with the result of KLYUYEV and KOKOVKIN-SHCHERBAK [1] that Gaussian elimination for solving a system of linear equations is optimal if one restricts oneself to operations upon rows and columns as a whole. We also note that WINOGRAD [2] modifies the usual algorithms for matrix multiplication and inversion and for solving systems of linear equations, trading roughly half of the multiplications for additions and subtractions. It is a pleasure to thank D. BRILLINGER for inspiring discussions about the present subject and ST. COOK and B. PARLETT for encouraging me to write this paper. 2. We define algorithms α_{m,k} which multiply matrices of order m·2^k, by induction on k: α_{m,0} is the usual algorithm for matrix multiplication (requiring m^3 multiplications and m^2(m-1) additions); α_{m,k} already being known, define α_{m,k+1} as follows: If A, B are matrices of order m·2^(k+1) to be multiplied, write A = (A_11 A_12 ...), B = (B_11 B_12 ...
Numerische Mathematik 07/1969; 13(4):354-356.
Conference Proceeding: Algebraic Attacks on Clock-Controlled Cascade Ciphers.
ABSTRACT: In this paper, we mount the first algebraic attacks against clock-controlled cascade stream ciphers. We first show how to obtain relations between the internal state bits and the output bits of the Gollmann clock-controlled cascade stream ciphers. We demonstrate that the initial states of the last two shift registers can be determined by the initial states of the others. An alternative attack on the Gollmann cascade is also described, which requires solving quadratic equations. We then present an algebraic analysis of Pomaranch, one of the phase two proposals to eSTREAM. A system of equations of maximum degree four that describes the full cipher is derived. We also present weaknesses in the filter functions of Pomaranch by successfully computing annihilators and low degree multiples of the functions.
Progress in Cryptology - INDOCRYPT 2006, 7th International Conference on Cryptology in India, Kolkata, India, December 11-13, 2006, Proceedings; 01/2006
ABSTRACT: We show in this paper how to apply well-known methods from sparse linear algebra to the problem of computing the immunity of a Boolean function against algebraic or fast algebraic attacks. For an n-variable Boolean function, this approach gives an algorithm that works for both attacks in O(n·2^n·D) time complexity and O(n·2^n) memory. Here D = (n choose ≤ d) and d corresponds to the degree of the algebraic system to be solved in the last step of the attacks. For algebraic attacks, our algorithm needs significantly less memory than the algorithm in [ACG+06] with roughly the same time complexity (and it is precisely the memory usage which is the real bottleneck of the latter algorithm). For fast algebraic attacks, it not only improves the memory complexity, it is also the algorithm with the best time complexity known so far for most values of the degree constraints.
Progress in Cryptology - INDOCRYPT 2006, 7th International Conference on Cryptology in India, Kolkata, India, December 11-13, 2006, Proceedings; 01/2006