This preview shows page 1. Sign up to view the full content.
Unformatted text preview: gainst these generators and makes sure the generators are immune to these attacks. Over the years, the approach has resulted in a set of design criteria for stream ciphers [1432,99,1357,1249]. These were discussed by Rueppel in [1362], in which he details the theory behind them. — Long period, no repetitions. — Linear complexity criteria—large linear complexity, linear complexity profile, local linear complexity, and so forth. — Statistical criteria such as ideal ktuple distributions. — Confusion—every keystream bit must be a complex transformation of all or most of the key bits. — Diffusion—redundancies in substructures must be dissipated into longrange statistics. — Nonlinearity criteria for Boolean functions like mthorder correlation immunity, distance to linear functions, avalanche criterion, and so on. This list of design criteria is not unique for stream ciphers designed by the systemtheoretic approach; it is true for all stream ciphers. It is even true for all block ciphers. The unique point about the systemtheoretic approach is that stream ciphers are designed to satisfy these goals directly. The major problem with these cryptosystems is that nothing can be proven about their security; the design criteria have never been proved to be either necessary or sufficient for security. A keystream generator may satisfy all the design principles, but could still turn out to be insecure. Another could turn out to be secure. There is still some magic to the process. On the other hand, breaking each of these keystream generators is a different problem for a cryptanalyst. If enough different generators are out there, it may not be worth the cryptanalyst’s time to try to break each one. He may better achieve fame and glory by figuring out better ways to factor large numbers or calculating discrete logarithms. 17.9 ComplexityTheoretic Approach to StreamCipher Design
Rueppel also delineated a complexitytheoretic approach to streamcipher design. Here, a cryptographer attempts to use complexity theory to prove that his generators are secure. Consequently, the generators tend to be mo...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details