Sara D. Cardell

Recovering the MSS-sequence via CA

Abstract A cryptographic sequence generator, the modified self-shrinking generator (MSSG), was recently designed as a novel version of the self-shrinking generator. Taking advantage of the cryptographic properties of the irregularly decimated generator class, the MSSG was mainly created to be used in stream cipher applications and hardware implementations. Nevertheless, in this work it is shown that the MSSG output sequence, the so-called modified self-shrunken sequence, is generated as one of the output sequences of a linear model based on Cellular Automata that use rule 60 for their computations. Thus, the linearity of these structures can be advantageous exploited to recover the complete modified self-shrunken sequence from a number of intercepted bits.

A Construction Of MDS Array Codes

The work of the first and the second authors was partially supported by Spanish grant MTM2011-24858 of the Ministerio de Economia y Competitividad of the Gobierno de Espana. The work of first author was also partially supported by a grant for research students from the Generalitat Valenciana with reference BFPI/2008/138. The work of the third author was partially supported by the research project UMH-Bancaja with reference IPZS01.

Linearity in decimation-based generators: an improved cryptanalysis on the shrinking generator

Abstract Decimation-based sequence generators are a class of non-linear cryptographic generators designed to be used in hardware implementations. An inherent characteristic of such generators is that their output sequences are interleaved sequences. This profitable characteristic can be used in the cryptanalysis of those generators. In this work, emphasis is on the most representative decimation-based generator, the shrinking generator, which has been cryptanalyzed just by solving linear equation systems. Compared with previous cryptanalysis, computational complexity and intercepted sequence requirements are dramatically reduced. Although irregularly decimated generators have been conceived and designed as non-linear sequence generators, in practice they can be easily analyzed in terms of simple linear structures.

Linear Models for High-Complexity Sequences

Different binary sequence generators produce sequences whose period is a power of 2. Although these sequences exhibit good cryptographic properties, in this work it is proved that such sequences can be obtained as output sequences from simple linear structures. More precisely, every one of these sequences is a particular solution of a linear difference equation with binary coefficients. This fact allows one to analyze the structural properties of the sequences with such a period from the point of view of the linear difference equations. In addition, a new application of the Pascal’s triangle to the cryptographic sequences has been introduced. In fact, it is shown that all these binary sequences can be obtained by XORing a finite number of binomial sequences that correspond to the diagonals of the Pascal’s triangle reduced modulo 2.

Discrete linear models for the generalized self-shrunken sequences

Abstract In this work, different decimation-based sequence generators for cryptographic purposes have been analyzed in detail. In fact, the modified self-shrinking generator was first introduced as an improved version of the self-shrinking generator. However, it is here proven that the sequences produced by both generators belong to the same family of sequences, that is the class of the generalized self-shrinking sequences. Thus, both sequences have the same properties as well as the same weaknesses. Moreover, such sequences can be generated by linear structures based on one-dimensional cellular automata. The linearity inherent to the cellular automata-based models can be used to launch a cryptanalytic attack against such non-linear generators.

Cryptanalysing the Shrinking Generator

Abstract In this work, we propose a cryptanalysis of the nonlinear sequence generator called the shrinking generator. The output sequence of this cryptographic generator, the shrunken sequence, can be modelled as one of the output sequences of linear cellular automata (CA). The shrunken sequence and the other sequences generated by the CA can be reduced to a combination of PN-sequences generated by the same characteristic polynomial. Therefore, all these PN-sequences are the same but shifted. We propose an efficient cryptanalysis that takes advantage of the linearity of these PN-sequences and the CA.

Performance of the Cryptanalysis over the Shrinking Generator

The shrinking generator is a decimation-based nonlinear sequence generator with cryptographic application. Its output sequence can be modelled as one of the sequences generated by a linear cellular automata. Taking advantage of this linear structure, in this work a cryptanalysis of the shrinking generator has been introduced. The algorithm here developed recovers the secret key of the shrinking generator.

Computing the Linear Complexity in a Class of Cryptographic Sequences.

In this work, we present a method of computing the linear complexity of the sequences produced by the cryptographic sequence generator known as generalized self-shrinking generator. This approach is based on the comparison of different shifted versions of a single PN-sequence. Just the analysis of binary digits in these shifted sequences allows one to determine the linear complexity of those generalized sequences. The method is simple, direct and efficient. Furthermore, the concept of linear recurrence relationship and the rows of the Sierpinski’s triangle are the basic tools in this computation.

The t-Modified Self-Shrinking Generator

Pseudo-random sequences exhibit interesting properties with applications in many and distinct areas ranging from reliable communications to number generation or cryptography. Inside the family of decimation-based sequence generators, the modified self-shrinking generator (an improved version of the self-shrinking generator) is one of its best-known elements. In fact, such a generator divides the PN-sequence produced by a maximum-length LFSR into groups of three bits. When the sum of the first two bits in a group is one, then the generator returns the third bit, otherwise the bit is discarded. In this work, we introduce a generalization of this generator, where the PN-sequence is divided into groups of t bits, \(t\ge 2\). It is possible to check that the properties of the output sequences produced by this family of generators have the same or better properties than those of the classic modified self-shrunken sequences. Moreover, the number of sequences generated by this new family with application in stream cipher cryptography increases dramatically.

A New Simple Attack on a Wide Class of Cryptographic Sequence Generators

The class of decimation-based sequence generators attempts to obtain an implicit non-linearity from the decimation process. In this work, it is shown that the output sequence of a well known member of this generator class, the shrinking generator, is composed of PN-sequences generated by Linear feedback Shift Registers. Furthermore, these PN-sequences are shifted versions of a unique sequence whose initial positions can be determined using discrete logarithms. Taking advantage of the linearity of the PN-sequences, a method of recovering the whole output sequence from a small number of intercepted bits is proposed. The algorithm is deterministic, always finds the cryptosystem key and is very adequate for parallelization. The basic ideas of this work can be generalized to other elements in the same class of sequence generators.