s called a filter generator.) Much of the theoretical background for this kind of thing was laid down by Selmer and Neal Zierler [1647].

Complications have been added. Some generators have LFSRs clocked at different rates; sometimes the clocking of one generator depends on the output of another. These are all electronic versions of pre-WWII cipher machine ideas, and are called clock-controlled generators [641]. Clock control can be feedforward, where the output of one LFSR controls the clocking of another, or feedback, where the output of one LFSR controls its own clocking.

Although these generators are, at least in theory, susceptible to embedding and probabilistic correlation attacks [634,632], many are secure for now. Additional theory on clock-controlled shift registers is in [89].

Ian Cassells, once the head of pure mathematics at Cambridge and a former Bletchley Park cryptanalyst, said that “cryptography is a mixture of mathematics and muddle, and without the muddle the mathematics can be used against you.” What he meant was that in stream ciphers, you need some kind of mathematical structure—such as a LFSR—to guarantee maximal-length and other properties, and then some complicated nonlinear muddle to stop someone from getting at the register and solving it. This advice also holds true for block algorithms.

What follows is a smattering of LFSR-based keystream generators that have appeared in the literature. I don’t know if any of them have been used in actual cryptographic products. Most of them are of theoretical interest only. Some have been broken; some may still be secure.

Since LFSR-based ciphers are generally implemented in hardware, electronics logic symbols will be used in the figures. In the text, ⊕ is XOR, ∧ is AND, ∨ is OR, and ¬ is NOT.

Geffe Generator
This keystream generator uses three LFSRs, combined in a nonlinear manner (see Figure 16.6) [606]. Two of the LFSRs are inputs into a multiplexer, and the third LFSR controls the output of the multiplexer. If a1, a2, and a3 are the outputs of t...
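The multiplexer combination described above, as an added example in Python (not code from the book or from this page). The register lengths and taps are constructed toy values, and the names `SEL`, `IN_A` and `IN_B` are assumptions, since the preview cuts off before naming which register drives the multiplexer. Run over one full joint period, it shows the keystream agreeing with each data register roughly three quarters of the time and with the selector about half the time, which is the statistical leak that correlation attacks rely on.

```python
from itertools import islice

def step(nbits, taps, state):
    """One Fibonacci LFSR step: shift right, feed the XOR of the tapped bits into the top."""
    fb = 0
    for t in taps:
        fb ^= (state >> t) & 1
    return (state >> 1) | (fb << (nbits - 1))

def lfsr(nbits, taps, state=1):
    """Infinite bit stream from the register; the seed must be non-zero."""
    while True:
        yield state & 1
        state = step(nbits, taps, state)

def period(nbits, taps, state=1):
    """Steps until the register returns to its seed (2**nbits - 1 if maximal-length)."""
    s, n = step(nbits, taps, state), 1
    while s != state:
        s, n = step(nbits, taps, s), n + 1
    return n

# Constructed toy registers built from primitive trinomials (assumed values).
SEL = (3, (0, 1))    # x^3 + x + 1, period 7
IN_A = (4, (0, 1))   # x^4 + x + 1, period 15
IN_B = (5, (0, 2))   # x^5 + x^2 + 1, period 31
REGS = (("sel", SEL), ("in_a", IN_A), ("in_b", IN_B))

def geffe(sel, in_a, in_b):
    """Multiplexer: the selector bit decides which data register's bit is output."""
    for s, a, b in zip(lfsr(*sel), lfsr(*in_a), lfsr(*in_b)):
        yield a if s else b

def agreement(n=7 * 15 * 31):
    """Fraction of keystream bits equal to each register's own output over n bits."""
    ks = list(islice(geffe(SEL, IN_A, IN_B), n))
    result = {}
    for name, reg in REGS:
        bits = islice(lfsr(*reg), n)
        result[name] = sum(k == b for k, b in zip(ks, bits)) / n
    return result

if __name__ == "__main__":
    print({name: period(*reg) for name, reg in REGS})
    print(agreement())
```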
 Fall '10
 ALIULGER
 Cryptography