are very inefficient in software. You want to avoid sparse feedback polynomials—they facilitate correlation attacks [1051,1090,350]—and dense feedback polynomials are inefficient. Any stream cipher outputs a bit at a time; you have to iterate the algorithm 64 times to encrypt what a single iteration of DES can encrypt. In fact, a simple LFSR algorithm like the shrinking generator described later is no faster in software than DES.

This branch of cryptography is fast-paced and very politically charged. Most designs are secret; a majority of military encryption systems in use today are based on LFSRs. In fact, most Cray computers (Cray 1, Cray X-MP, Cray Y-MP) have a rather curious instruction generally known as “population count.” It counts the 1 bits in a register and can be used both to efficiently calculate the Hamming distance between two binary words and to implement a vectorized version of an LFSR. I’ve heard this called the canonical NSA instruction, demanded by almost all computer contracts.

On the other hand, an astonishingly large number of seemingly complex shift-register-based generators have been cracked. And certainly military cryptanalysis institutions such as the NSA have cracked a lot more. Sometimes it’s amazing to see the simple ones proposed again and again.

Linear Complexity
Analyzing stream ciphers is often easier than analyzing block ciphers. For example, one important metric used to analyze LFSR-based generators is linear complexity, or linear span. This is defined as the length, n, of the shortest LFSR that can mimic the generator output. Any sequence generated by a finite-state machine over a finite field has a finite linear complexity [1006]. Linear complexity is important because a simple algorithm, called the Berlekamp-Massey algorithm, can generate this LFSR after examining only 2n bits of the keystream [1005]. Once you’ve generated this LFSR, you’ve broken the stream cipher.
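The Berlekamp-Massey synthesis described above, as an added Python example (not code from the book): it computes the linear complexity L of a bit sequence together with the connection polynomial of the shortest LFSR that reproduces it, and then shows that an LFSR synthesised from only 2L bits of a constructed keystream regenerates the entire keystream. The 4-stage feedback polynomial x^4 + x + 1 and the seed are constructed sample values.

```python
def berlekamp_massey(bits):
    """Berlekamp-Massey over GF(2): return (L, c), where L is the linear
    complexity of `bits` and c[0..L] (c[0] == 1) is the connection polynomial
    of the shortest LFSR reproducing it, i.e. for every j >= L:
        bits[j] = XOR over i in 1..L of (c[i] & bits[j - i])"""
    n = len(bits)
    c = [1] + [0] * n   # current connection polynomial C(x)
    b = [1] + [0] * n   # copy of C(x) taken at the last length change
    L, m = 0, -1        # current LFSR length, index of last length change
    for i in range(n):
        d = bits[i]     # discrepancy: does the current LFSR predict bit i?
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d == 0:
            continue
        t = c[:]
        shift = i - m   # C(x) <- C(x) + x^shift * B(x) cancels the discrepancy
        for j in range(n + 1 - shift):
            c[j + shift] ^= b[j]
        if 2 * L <= i:  # the LFSR has to grow
            L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def lfsr_generate(state, c, length):
    """Clock the LFSR with connection polynomial c, starting from `state`
    (its first len(c)-1 output bits), and return `length` output bits."""
    L = len(c) - 1
    s = list(state[:L])
    while len(s) < length:
        nxt = 0
        for j in range(1, L + 1):
            nxt ^= c[j] & s[-j]
        s.append(nxt)
    return s

def recover_keystream(known, total):
    """Synthesise the shortest LFSR from a known keystream prefix (needs at
    least 2L bits) and run it out to `total` bits: the break the text describes."""
    L, c = berlekamp_massey(known)
    return lfsr_generate(known, c, total)

# Constructed sample: a 4-stage LFSR with feedback polynomial x^4 + x + 1,
# which has period 15 and linear complexity 4.
TAPS = [1, 1, 0, 0, 1]
KEYSTREAM = lfsr_generate([1, 0, 0, 0], TAPS, 30)
```

Feeding `recover_keystream(KEYSTREAM[:8], 30)` only the first 2L = 8 bits returns all 30, and a sequence of six zeros followed by a one has linear complexity 7, the edge case in which the shortest LFSR is as long as the sequence itself.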