Applied Cryptography - Protocols, Algorithms, and Source Code in C

Rsa this rsa generator 3536 is a modification of 200


Figure 17.9 is a 3-bit shift register with the following feedback function: The new bit is the first bit times the second bit. If it is initialized with the value 110, it produces the following sequence of internal states:

110 011 101 010 001 000 000

And so on forever.

The output sequence is the string of least significant bits:

0 1 1 0 1 0 0 0 0 0 0 0....

This isn’t terribly useful.

It gets even worse. If the initial value is 100, it produces 010, 001, then repeats forever at 000. If the initial value is 111, it repeats itself forever right from the start.

Some work has been done on computing the linear complexity of the product of two LFSRs [1650,726,1364,630,658,659]. A construction that involved computing LFSRs over a field of odd characteristic [310] is insecure [842].

17.7 Other Stream Ciphers

Many other stream ciphers have appeared in the literature here and there. Here are some of them.

Pless Generator

This generator is designed around the capabilities of the J-K flip-flop [1250]. Eight LFSRs drive four J-K flip-flops; each flip-flop acts as a nonlinear combiner for two of the LFSRs. To avoid the problem that knowledge of an output of the flip-flop identifies both the source and value of the next output bit, clock the four flip-flops and then interleave the outputs to yield the final keystream.

This algorithm has been cryptanalyzed by attacking each of the four flip-flops independently [1356]. Additionally, combining J-K flip-flops is cryptographically weak; generators of this type succumb to correlation attacks [1451].

Cellular Automaton Generator

In [1608,1609], Steve Wolfram proposed using a one-dimensional cellular automaton as a pseudo-random-number generator. Cellular automata is not the subject of this book, but Wolfram’s generator consisted of a one-dimensional array of bits, $a_1, a_2, a_3, \ldots, a_k, \ldots, a_n$, and an update function:

$$a'_k = a_{k-1} \oplus (a_k \lor a_{k+1})$$

The bit is extracted from one of the $a_k$ values; which one really doesn’t matter.

The generator’s behavior appears to be quite random. However, there is a known-plaintext attack against these generators [1052]. This attack works on...
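The cellular automaton generator described above, written out as an added example (not code from the book), reading the update function as a'_k = a_{k-1} XOR (a_k OR a_{k+1}). It assumes a circular array of at most 64 cells packed into one word; the function names, tap position and seed are illustrative choices.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example. Cell a_k is bit k of the state word; n cells, 2 <= n <= 64.
   Assumption: the array is circular (the left neighbour of a_0 is a_{n-1}). */
static uint64_t ca_mask(unsigned n) { return n == 64 ? ~0ULL : (1ULL << n) - 1; }

/* One update of every cell at once: a'_k = a_{k-1} XOR (a_k OR a_{k+1}). */
uint64_t ca_step(uint64_t s, unsigned n) {
    uint64_t m = ca_mask(n);
    s &= m;
    uint64_t left  = ((s << 1) | (s >> (n - 1))) & m;  /* bit k holds a_{k-1} */
    uint64_t right = ((s >> 1) | (s << (n - 1))) & m;  /* bit k holds a_{k+1} */
    return left ^ (s | right);
}

/* Reject degenerate seeds: all-zero is a fixed point, all-one maps to all-zero. */
int ca_seed_ok(uint64_t seed, unsigned n) {
    if (n < 2 || n > 64) return 0;
    uint64_t m = ca_mask(n);
    return (seed & m) != 0 && (seed & m) != m;
}

/* Fill out[0..len) with keystream, one bit per update, read from cell `tap`.
   Returns 0 on success, -1 if the seed is degenerate or tap is out of range. */
int ca_keystream(uint64_t seed, unsigned n, unsigned tap, uint8_t *out, size_t len) {
    if (!ca_seed_ok(seed, n) || tap >= n) return -1;
    uint64_t s = seed & ca_mask(n);
    for (size_t i = 0; i < len; i++) {
        uint8_t byte = 0;
        for (int b = 0; b < 8; b++) {
            byte = (uint8_t)((byte << 1) | ((s >> tap) & 1));
            s = ca_step(s, n);
        }
        out[i] = byte;
    }
    return 0;
}

int main(void) {
    uint8_t ks[8];
    /* Constructed seed, for illustration only. */
    if (ca_keystream(0x0123456789abcdefULL, 64, 32, ks, sizeof ks) != 0) return 1;
    for (size_t i = 0; i < sizeof ks; i++) printf("%02x", ks[i]);
    printf("\n");
    return 0;
}
```

With only 5 cells and seed 00100 the state falls into a cycle of length 5 after one update, so small arrays give very short keystream periods.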

This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
