(Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96
Generalized Geffe Generator

Instead of choosing between two LFSRs, this scheme chooses between k LFSRs, as long as k is a power of 2. There are k + 1 LFSRs total (see Figure 16.7). LFSR1 must be clocked log₂ k times faster than the other k LFSRs.

Figure 16.6 Geffe generator.

Even though this scheme is more complex than the Geffe generator, the same kind of correlation attack is possible. I don’t recommend this generator.

Jennings Generator

This scheme uses a multiplexer to combine two LFSRs [778,779,780]. The multiplexer, controlled by LFSR1, selects 1 bit of LFSR2 for each output bit. There is also a function that maps the output of LFSR2 to the input of the multiplexer (see Figure 16.8). The key is the initial state of the two LFSRs and the mapping function. Although this generator has great statistical properties, it fell to Ross Anderson’s meet-in-the-middle consistency attack [39] and the linear consistency attack [1638,442]. Don’t use this generator.

Beth-Piper Stop-and-Go Generator

This generator, shown in Figure 16.9, uses the output of one LFSR to control the clock of another LFSR [151]. The clock input of LFSR2 is controlled by the output of LFSR1, so that LFSR2 can change its state at time t only if the output of LFSR1 was 1 at time t - 1. No one has been able to prove results about this generator’s linear complexity in the general case. However, it falls to a correlation attack [1639].

Alternating Stop-and-Go Generator

This generator uses three LFSRs of different length. LFSR2 is clocked when the output of LFSR1 is 1; LFSR3 is clocked when the output of LFSR1 is 0. The output of the generator is the XOR of LFSR2 and LFSR3 (see Figure 16.10) [673]. This generator has a long period and large linear complexity. The authors found a correlation attack against LFSR1, but it does not substantially weaken the generator. There have been other attempts at keystream generators...
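The two stop-and-go clocking rules described above, as an added example that is not code from the book: it measures how often adjacent keystream bits agree, which is about three quarters of the time when a single stalled register is read directly and about half when exactly one of two XORed registers advances. The register lengths, tap positions and seeds are constructed toy values, and taking LFSR2's bit directly as the stop-and-go output is an assumption, since the figures are not reproduced here; this is a simple statistical check, not the correlation attack cited in the text.

```python
class LFSR:
    """Fibonacci LFSR; taps are stage numbers, stage 1 being the input end."""
    def __init__(self, nbits, taps, seed):
        self.nbits, self.taps = nbits, taps
        self.state = seed & ((1 << nbits) - 1)
        if self.state == 0:
            raise ValueError("an all-zero state never changes")
    def bit(self):
        return self.state & 1                     # output stage
    def step(self):
        fb = 0
        for t in self.taps:
            fb ^= (self.state >> (self.nbits - t)) & 1
        self.state = (self.state >> 1) | (fb << (self.nbits - 1))

def make_registers():
    # Constructed toy parameters: three different lengths, arbitrary seeds.
    return (LFSR(17, (17, 14), 0x1ACE5),
            LFSR(23, (23, 18), 0x5EED01),
            LFSR(25, (25, 22), 0xC0FFEE))

def stop_and_go(n):
    r1, r2, _ = make_registers()
    out = []
    for _ in range(n):
        ctrl = r1.bit()          # LFSR1 output at time t - 1
        r1.step()
        if ctrl:                 # LFSR2 may change state only after a 1
            r2.step()
        out.append(r2.bit())     # assumption: LFSR2's bit is the output
    return out

def alternating_stop_and_go(n):
    r1, r2, r3 = make_registers()
    out = []
    for _ in range(n):
        ctrl = r1.bit()
        r1.step()
        (r2 if ctrl else r3).step()   # exactly one register advances
        out.append(r2.bit() ^ r3.bit())
    return out

def repeat_rate(bits):
    """Fraction of adjacent keystream bit pairs that are equal."""
    return sum(a == b for a, b in zip(bits, bits[1:])) / (len(bits) - 1)

if __name__ == "__main__":
    print("stop-and-go:", repeat_rate(stop_and_go(20000)))
    print("alternating:", repeat_rate(alternating_stop_and_go(20000)))
```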
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.