Abstract
Many of the keystream generators which are used in practice are LFSR-based in the sense that they produce the keystream according to a rule y = C(L(x)), where L(x) denotes an internal linear bitstream, produced by a small number of parallel linear feedback shift registers (LFSRs), and C denotes some nonlinear compression function. We present an nO(1)2(1−α)/(1+α)n time bounded attack, the FBDD-attack, against LFSR-based generators, which computes the secret initial state x ∈ 0, 1n from cn consecutive keystream bits, where α denotes the rate of information, which C reveals about the internal bitstream, and c denotes some small constant. The algorithm uses Free Binary Decision Diagrams (FBDDs), a data structure for minimizing and manipulating Boolean functions. The FBDD-attack yields better bounds on the effective key length for several keystream generators of practical use, so a 0.656n bound for the self-shrinking generator, a 0.6403n bound for the A5/1 generator, used in the GSM standard, a 0.6n bound for the E0 encryption standard in the one level mode, and a 0.8823n bound for the two-level E 0 generator used in the Bluetooth wireless LAN system.KeywordsBoolean FunctionCompression RatioStream CipherBinary Decision DiagramCompression FunctionThese keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
