Unformatted text preview: taken to minimize the attack. Further analysis has indicated that the sequence approaches random as k gets larger [637,638,642,639]. Based on recent attacks on short Gollmann cascades [1063], I recommend using a k of at least 15. You’re better off using more LFSRs of shorter length than fewer LFSRs of longer length. Shrinking Generator
The shrinking generator [378] uses a different form of clock control than the previous generators. Take two LFSRs: LFSR1 and LFSR2. Clock both of them. If the output of LFSR1 is 1, then the output of the generator is LFSR2. If the output of LFSR1 is 0, discard the two bits, clock both LFSRs, and try again. This idea is simple, reasonably efficient, and looks secure. If the feedback polynomials are sparse, the generator is vulnerable, but no other problems have been found. Even so, it’s new. One implementation problem is that the output rate is not regular; if LFSR1 has a long string of zeros then the generator outputs nothing. The authors suggest buffering to solve this problem [378]. Practical implementation of the shrinking generator is discussed in [901]. SelfShrinking Generator
The selfshrinking generator [1050] is a variant of the shrinking generator. Instead of using two LFSRs, use pairs of bits from a single LFSR. Clock a LFSR twice. If the first bit in the pair is 1, the output of the generator is the second bit. If the first bit is 0, discard both bits and try again. While the selfshrinking generator requires about half the memory space as the shrinking generator, it is also half the speed. While the selfshrinking generator also seems secure, it still has some unexplained behavior and unknown properties. This is a very new generator; give it some time. Figure 16.16 Gollmann cascade. 16.5 A5
A5 is the stream cipher used to encrypt GSM (Group Special Mobile). That’s the nonAmerican standard for digital cellular mobile telephones. It is used to encrypt the link from the telephone to the base station. The rest of the link is unencrypted; the telephone c...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details