Rainer Göttfert

An NLFSR-based stream cipher

We propose a hardware oriented 80-bit-key binary additive stream cipher. The keystream generator consists of ten nonlinear feedback shift registers whose output sequences are combined by a Boolean function of algebraic degree four. The design size of the keystream generator is about 2200 GE. In 130nm CMOS-technology, a throughput of more than 1 Gbps can be achieved. The length of the initial value used for resynchronization can be any multiple of eight between zero and eighty. The maximum amount of keystream that can be used between two resynchronization steps is 268 bits. A parallel implementation of the stream cipher produces one byte of keystream per clock cycle

On the frame length of Achterbahn-128/80

In this paper we examine a correlation attack against combination generators introduced by Meier et al. in 2006 and extended to a more powerful tool by Naya-Plasencia. The method has been used in the cryptanalysis of the stream ciphers Achterbahn and Achterbahn-128/80. No mathematical proofs for the method were given. We show that rigorous proofs can be given in an appropriate model, and that the implications derived from that model are in accordance with experimental results obtained from a true combination generator. We generalize the new correlation attack and, using that generalization, show that the internal state of Achterbahn-128 can be recovered with complexity 2119 using 248.54 consecutive keystream bits. In order to investigate a lower bound for the frame length of Achterbahn-128 we consider another application of the generalized correlation attack. This attack has complexity 2136 (higher than brute force) and requires 244.99 keystream bits. Similar results hold for Achterbahn-128. Due to these findings our new recommendation for the frame length of Achterbahn-128 and Achterbahn-80 is 244 bits.

Linear filtering of nonlinear shift-register sequences

Nonlinear n-stage feedback shift-register sequences over the finite field

Sequences of period 2 N–2

\mathbb{F}_q

Pseudorandom number generator

of period qn–1 are investigated under linear operations on sequences. We prove that all members of an easily described class of linear combinations of shifted versions of these sequences possess useful properties for cryptographic applications: large periods, large linear complexities and good distribution properties. They typically also have good maximum order complexity values as has been observed experimentally. A running key generator is introduced based on certain nonlinear feedback shift registers with modifiable linear feedforward output functions.

Improved Boolean Combining Functions for Achterbahn

We derive a formula for the minimal polynomial of the termwise product of binary sequences of least periods 2N–2. The obtained results are important in the analysis of keystream generators based on binary nonlinear N-stage feedback shift registers producing sequences of period 2N–2. Sequences of period 2N–1 are also considered.