This preview shows page 1. Sign up to view the full content.
Unformatted text preview: igure 17.9 is a 3bit shift register with the following feedback function: The new bit is the first bit times the second bit. If it is initialized with the value 110, it produces the following sequence of internal states: 110 011 101 010 001 000 000 And so on forever. The output sequence is the string of least significant bits: 0 1 1 0 1 0 0 0 0 0 0 0.... This isn’t terribly useful. It gets even worse. If the initial value is 100, it produces 010, 001, then repeats forever at 000. If the initial value is 111, it repeats itself forever right from the start. Some work has been done on computing the linear complexity of the product of two LFSRs [1650,726,1364,630,658,659]. A construction that involved computing LFSRs over a field of odd characteristic [310] is insecure [842]. 17.7 Other Stream Ciphers
Many other stream ciphers have appeared in the literature here and there. Here are some of them. Pless Generator
This generator is designed around the capabilities of the JK flipflop [1250]. Eight LFSRs drive four JK flipflops; each flipflop acts as a nonlinear combiner for two of the LFSRs. To avoid the problem that knowledge of an output of the flipflop identifies both the source and value of the next output bit, clock the four flipflops and then interleave the outputs to yield the final keystream. This algorithm has been cryptanalyzed by attacking each of the four flipflops independently [1356]. Additionally, combining JK flipflops is cryptographically weak; generators of this type succumb to correlation attacks [1451]. Cellular Automaton Generator
In [1608,1609], Steve Wolfram proposed using a onedimensional cellular automaton as a pseudorandomnumber generator. Cellular automata is not the subject of this book, but Wolfram’s generator consisted of a onedimensional array of bits, a1, a2, a3,..., ak,..., an, and an update function: a‘k = ak1 • (ak ¦ ak+1) The bit is extracted from one of the ak values; which one really doesn’t matter. The generator’s behavior appears to be quite random. However, there is a knownplaintext attack against these generators [1052]. This attack works on...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details