Applied Cryptography - Protocols, Algorithms, and Source Code in C

It leaked here and there and was eventually posted to


along these lines [1534,1574,1477].

Figure 16.7 Generalized Geffe generator.

Figure 16.8 Jennings generator.

Bilateral Stop-and-Go Generator

This generator uses two LFSRs, both of length n (see Figure 16.11) [1638]. The output of the generator is the XOR of the outputs of each LFSR. If the output of LFSR-2 at time t – 1 is 0 and the output at time t – 2 is 1, then LFSR-2 does not clock at time t. Conversely, if the output of LFSR-1 at time t – 1 is 0 and the output at t – 2 is 1, and if LFSR-1 clocked at time t, then LFSR-2 does not clock at time t.

The linear complexity of this system is roughly equal to the period. According to [1638], “no evident key redundancy has been observed in this system.”

Threshold Generator

This generator tries to get around the security problems of the previous generators by using a variable number of LFSRs [277]. The theory is that if you use a lot of LFSRs, it’s harder to break the cipher.

This generator is illustrated in Figure 16.12. Take the output of a large number of LFSRs (use an odd number of them). Make sure the lengths of all the LFSRs are relatively prime and all the feedback polynomials are primitive: maximize the period. If more than half the output bits are 1, then the output of the generator is 1. If more than half the output bits are 0, then the output of the generator is 0.

Figure 16.9 Beth-Piper stop-and-go generator.

Figure 16.10 Alternating stop-and-go generator.

With three LFSRs, the output generator can be written as:

$b = (a_1 \wedge a_2) \oplus (a_1 \wedge a_3) \oplus (a_2 \wedge a_3)$

This is very similar to the Geffe generator, except that it has a larger linear complexity of

$n_1 n_2 + n_1 n_3 + n_2 n_3$

where $n_1$, $n_2$, and $n_3$ are the lengths of the first, second, and third LFSRs.

This generator isn’t great. Each output bit of the generator yields some information about the state of the LFSRs—0.189 bit to be exact—and the whole thing falls to a correlation attack. I don’t recommend using it.
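Why the three-LFSR threshold generator leaks, shown as an added example (not code from the book): the majority output equals each input bit about 75% of the time, which is the 0.189 bit per output bit quoted above (1 − H(0.75)), so a candidate state for one register can be checked against the keystream without knowing the other two. The register lengths (3, 4, 5), the seeds and all function names are assumptions chosen to keep the example small.

```c
#include <stdint.h>
#include <stdio.h>

#define N 3255  /* 7 * 15 * 31: one full period of the combined generator */

/* Fibonacci LFSR; `taps` selects the state bits XORed into the feedback. */
typedef struct { uint32_t state, taps; int len; } lfsr;

static int lfsr_step(lfsr *r) {
    int out = (int)(r->state & 1u);
    uint32_t x = r->state & r->taps, fb = 0;
    while (x) { fb ^= x & 1u; x >>= 1; }
    r->state = (r->state >> 1) | (fb << (r->len - 1));
    return out;
}

/* Threshold (majority) keystream from three LFSRs with nonzero seeds.
   Polynomials x^3+x+1, x^4+x+1, x^5+x^2+1 are primitive. */
void keystream(uint8_t *ks, uint32_t s1, uint32_t s2, uint32_t s3) {
    lfsr r1 = {s1, 0x3, 3}, r2 = {s2, 0x3, 4}, r3 = {s3, 0x5, 5};
    for (int t = 0; t < N; t++) {
        int a1 = lfsr_step(&r1), a2 = lfsr_step(&r2), a3 = lfsr_step(&r3);
        ks[t] = (uint8_t)((a1 & a2) ^ (a1 & a3) ^ (a2 & a3));
    }
}

/* Positions where the keystream equals LFSR-1 run alone from `seed`. */
int matches(const uint8_t *ks, uint32_t seed) {
    lfsr r1 = {seed, 0x3, 3};
    int m = 0;
    for (int t = 0; t < N; t++) m += (ks[t] == lfsr_step(&r1));
    return m;
}

/* The LFSR-1 seed that best explains the keystream, found without
   touching LFSR-2 or LFSR-3: 7 candidates instead of 7 * 15 * 31. */
uint32_t best_seed1(const uint8_t *ks) {
    uint32_t best = 1;
    for (uint32_t s = 2; s < 8; s++)
        if (matches(ks, s) > matches(ks, best)) best = s;
    return best;
}

int main(void) {
    static uint8_t ks[N];
    keystream(ks, 5, 9, 19);  /* constructed seeds */
    printf("true seed: %d/%d matches; best guess: %u\n",
           matches(ks, 5), N, (unsigned)best_seed1(ks));
    return 0;
}
```

The correct LFSR-1 state matches about 75% of the keystream while every wrong state sits near 47%, which is the separation a correlation attack relies on.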
Self-Decimated Generators

Self-decimated generators are generators that control their own clock. Two have...

This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
