TY - GEN
T1 - Attack based on direct sum decomposition against the nonlinear filter generator
AU - Wang, Jingjing
AU - Li, Xiangxue
AU - Chen, Kefei
AU - Zhang, Wenzheng
PY - 2012
Y1 - 2012
N2 - The nonlinear filter generator (NLFG) is a powerful building block commonly used in stream ciphers. In this paper, we present the direct sum decomposition of the NLFG output sequence that leads to a system of linear equations in the initial state of the NLFG and further to an efficient algebraic attack. The coefficients of the equation system rely only on the NLFG structure. The attack is operated in an online/offline manner, doing most of the work (determining the coefficients of the equation system) in the offline phase. Thus the online phase is very fast, requiring only four multiplications and one diagonalization of n x n matrices. Compared with related works, our attack has the advantages in both online computation cost and success probability. On the one hand, far fewer output bits and significantly less matrix computation are required in our attack, although the online computation complexity O(LC) (LC is the linear complexity of the output sequence) is the same as in the known Rønjom-Helleseth attack. On the other hand, the success probability of the attack is analyzed in this paper, different from most prior work. The success probability of this algebraic attack is 1- 2 -φ(2n - 1) (φ(·) is the Euler function), which is much greater than 1 - 2 -n , the success probability of the Rønjom-Helleseth attack.
AB - The nonlinear filter generator (NLFG) is a powerful building block commonly used in stream ciphers. In this paper, we present the direct sum decomposition of the NLFG output sequence that leads to a system of linear equations in the initial state of the NLFG and further to an efficient algebraic attack. The coefficients of the equation system rely only on the NLFG structure. The attack is operated in an online/offline manner, doing most of the work (determining the coefficients of the equation system) in the offline phase. Thus the online phase is very fast, requiring only four multiplications and one diagonalization of n x n matrices. Compared with related works, our attack has the advantages in both online computation cost and success probability. On the one hand, far fewer output bits and significantly less matrix computation are required in our attack, although the online computation complexity O(LC) (LC is the linear complexity of the output sequence) is the same as in the known Rønjom-Helleseth attack. On the other hand, the success probability of the attack is analyzed in this paper, different from most prior work. The success probability of this algebraic attack is 1- 2 -φ(2n - 1) (φ(·) is the Euler function), which is much greater than 1 - 2 -n , the success probability of the Rønjom-Helleseth attack.
KW - algebraic attack
KW - characteristic polynomial
KW - direct sum decomposition
KW - nonlinear filter generator
KW - success probability
UR - https://www.scopus.com/pages/publications/84864065944
U2 - 10.1007/978-3-642-31410-0_4
DO - 10.1007/978-3-642-31410-0_4
M3 - 会议稿件
AN - SCOPUS:84864065944
SN - 9783642314094
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 53
EP - 66
BT - Progress in Cryptology, AFRICACRYPT 2012 - 5th International Conference on Cryptology in Africa, Proceedings
T2 - 5th International Conference on Progress in Cryptology, AFRICACRYPT 2012
Y2 - 10 July 2012 through 12 July 2012
ER -