This preview shows page 1. Sign up to view the full content.
Unformatted text preview: gainst these generators and makes sure the generators are immune to these attacks. Over the years, the approach has resulted in a set of design criteria for stream ciphers [1432,99,1357,1249]. These were discussed by Rueppel in , in which he details the theory behind them. — Long period, no repetitions. — Linear complexity criteria—large linear complexity, linear complexity profile, local linear complexity, and so forth. — Statistical criteria such as ideal k-tuple distributions. — Confusion—every keystream bit must be a complex transformation of all or most of the key bits. — Diffusion—redundancies in substructures must be dissipated into long-range statistics. — Nonlinearity criteria for Boolean functions like mth-order correlation immunity, distance to linear functions, avalanche criterion, and so on. This list of design criteria is not unique for stream ciphers designed by the system-theoretic approach; it is true for all stream ciphers. It is even true for all block ciphers. The unique point about the system-theoretic approach is that stream ciphers are designed to satisfy these goals directly. The major problem with these cryptosystems is that nothing can be proven about their security; the design criteria have never been proved to be either necessary or sufficient for security. A keystream generator may satisfy all the design principles, but could still turn out to be insecure. Another could turn out to be secure. There is still some magic to the process. On the other hand, breaking each of these keystream generators is a different problem for a cryptanalyst. If enough different generators are out there, it may not be worth the cryptanalyst’s time to try to break each one. He may better achieve fame and glory by figuring out better ways to factor large numbers or calculating discrete logarithms. 17.9 Complexity-Theoretic Approach to Stream-Cipher Design
Rueppel also delineated a complexity-theoretic approach to stream-cipher design. Here, a cryptographer attempts to use complexity theory to prove that his generators are secure. Consequently, the generators tend to be mo...
View Full Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
- Fall '10