Attack Based on Direct Sum Decomposition against NLFG. Jingjing Wang, Xiangxue Li, Kefei Chen, Wenzheng Zhang. AfricaCrypt 2012, Ifrane, Morocco, July 2012. Nonlinear Filter Generator (NLFG). Wide applications in stream cipher. Fast and easy to implement (HW).
Attack Based on Direct Sum Decomposition against NLFG
Jingjing Wang, Xiangxue Li, Kefei Chen, Wenzheng Zhang
AfricaCrypt 2012, Ifrane, Morocco, July 2012
Nonlinear Filter Generator (NLFG)
• Wide applications in stream ciphers
• Fast and easy to implement (HW)
• E.g. Toyocrypt, LILI, Sfinks, …
• Vulnerability
  • Initial state easily recovered by algebraic attacks
  • E.g. AA, FAA, RH
Algebraic Attacks
• General Attack:
  • Step 1: construct equations in the initial state
  • Step 2: solve the equations
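The two steps above, worked through on a toy filter generator as an added example (not code from the slides or the paper). It uses plain linearization, not the direct sum decomposition attack the talk proposes, and shows why a low-degree filter leaks the initial state: 48 keystream bits give a linear system in 36 monomials. The 8-bit register, the feedback recurrence, the filter `f` and all names are assumptions constructed for this illustration.

```python
from itertools import combinations, product

N = 8                                  # toy LFSR length (constructed)
LIN, QUAD = (0, 3), ((1, 2), (2, 5))   # f(x) = x0 ^ x3 ^ x1*x2 ^ x2*x5
# Column of each unknown monomial: s_i -> i, s_i*s_j (i<j) -> N, N+1, ...
COL = {(i, i): i for i in range(N)}
COL.update({p: N + k for k, p in enumerate(combinations(range(N), 2))})
M = len(COL)                           # 36 unknowns after linearization

def clock(s):
    """s[t+8] = s[t]^s[t+2]^s[t+3]^s[t+4]; works on bits or linear-form masks."""
    return s[1:] + [s[0] ^ s[2] ^ s[3] ^ s[4]]

def keystream(state, nbits):
    """The generator: filter the current state with f, then clock."""
    s, out = list(state), []
    for _ in range(nbits):
        z = sum(s[i] for i in LIN) + sum(s[a] & s[b] for a, b in QUAD)
        out.append(z & 1)
        s = clock(s)
    return out

def equations(z):
    """Step 1: per keystream bit, one equation that is linear in the monomials."""
    forms, rows = [1 << i for i in range(N)], []   # state bit i as a mask over s_0..s_7
    for bit in z:
        row = bit << M                             # right-hand side kept in bit M
        for i in LIN:
            row ^= forms[i]
        for (a, b), (i, j) in product(QUAD, product(range(N), repeat=2)):
            if forms[a] >> i & forms[b] >> j & 1:  # term s_i*s_j (s_i*s_i = s_i)
                row ^= 1 << COL[min(i, j), max(i, j)]
        rows.append(row)
        forms = clock(forms)
    return rows

def solve(rows):
    """Step 2: Gauss-Jordan elimination over GF(2); returns s_0..s_7."""
    piv = {}                                       # pivot column -> reduced row
    for r in rows:
        for c, p in piv.items():
            if r >> c & 1:
                r ^= p
        low = r & ((1 << M) - 1)
        if low:                                    # else: redundant equation
            c = (low & -low).bit_length() - 1
            piv = {k: p ^ r if p >> c & 1 else p for k, p in piv.items()}
            piv[c] = r
    return [piv[i] >> M & 1 for i in range(N)]
```

`solve(equations(keystream(secret, 48)))` returns `secret`; the number of unknowns grows as the sum of binomial coefficients up to the filter's algebraic degree, which is why high algebraic degree and algebraic immunity matter when choosing a filter function.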
Algebraic Attacks against NLFG
• AA:
  • Low-degree annihilator h (meaning complete)
  • Not very effective due to algebraic immune functions
• FAA:
  • Linear relation of initial state (unknown)
  • Random equations
Algebraic Attacks against NLFG
• RH: specific against NLFG
  • By properly choosing , # NLFG offline bits for coefficients: Success probability:
• Can we do better? by properly choosing
Algebraic Attack Based on Direct Sum Decomposition
• Attack:
  • Special property of NLFG output from its direct sum decomposition Linear equations
• Operations:
• Success probability:
Direct Sum Decomposition of Sequence Space
• Seq. set : all seq. with char. poly.
  • Linear space
  • Closed under shift
• Let . Direct sum decomposition of :
Properties of NLFG Output
• Let be the characteristic poly. of the seq.
• in the linear space where contains all the seq. of characteristic poly.
• Linear space