{"title":"位搜索生成器及其变体的时-内存权衡攻击","authors":"Y. Altug, N. P. Ayerden, I. Erguler, E. Anarim","doi":"10.1109/SIU.2006.1659878","DOIUrl":null,"url":null,"abstract":"In 2004, A. Gouget and H. Sibert proposed a new keystream generator called the bit search generator (BSG), to provide high resistance against algebraic attacks. BSG has a very simple algorithm and attractive properties. However it has been cryptanalyzed in different studies by using the fact that output of BSG can be uniquely expressed by differential of the input sequence. Recently, Gouget et al. introduced two modified versions of BSG, named as MBSG and ABSG, to increase its security and also presented their security analysis in the same paper. The best attack that they give against ABSG and MBSG has complexity O(2L/2) and requires O(L2L/2) bits of keystream. In this study, we have shown that BSG, MBSG and ABSG can be cryptanalyzed with a time complexity O(2L/3) by using a time-memory trade-off attack. The method requires 22L/3 words of memory and O(2L+2L/3) bits of keystream. According to computer simulation results, we have found out that MBSG is the most vulnerable generator among BSG and variants to proposed attack. Moreover, ABSG doesn't bring any additional security to original BSG for proposed time-memory trade-off attack","PeriodicalId":415037,"journal":{"name":"2006 IEEE 14th Signal Processing and Communications Applications","volume":"2011 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-04-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Time-Memory Trade-off Attack to Bit Search Generator and Its Variants\",\"authors\":\"Y. Altug, N. P. Ayerden, I. Erguler, E. Anarim\",\"doi\":\"10.1109/SIU.2006.1659878\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In 2004, A. Gouget and H. Sibert proposed a new keystream generator called the bit search generator (BSG), to provide high resistance against algebraic attacks. BSG has a very simple algorithm and attractive properties. However it has been cryptanalyzed in different studies by using the fact that output of BSG can be uniquely expressed by differential of the input sequence. Recently, Gouget et al. introduced two modified versions of BSG, named as MBSG and ABSG, to increase its security and also presented their security analysis in the same paper. The best attack that they give against ABSG and MBSG has complexity O(2L/2) and requires O(L2L/2) bits of keystream. In this study, we have shown that BSG, MBSG and ABSG can be cryptanalyzed with a time complexity O(2L/3) by using a time-memory trade-off attack. The method requires 22L/3 words of memory and O(2L+2L/3) bits of keystream. According to computer simulation results, we have found out that MBSG is the most vulnerable generator among BSG and variants to proposed attack. Moreover, ABSG doesn't bring any additional security to original BSG for proposed time-memory trade-off attack\",\"PeriodicalId\":415037,\"journal\":{\"name\":\"2006 IEEE 14th Signal Processing and Communications Applications\",\"volume\":\"2011 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-04-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2006 IEEE 14th Signal Processing and Communications Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SIU.2006.1659878\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 IEEE 14th Signal Processing and Communications Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SIU.2006.1659878","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
2004年,a . Gouget和H. Sibert提出了一种新的密钥流生成器,称为比特搜索生成器(BSG),以提供高抗代数攻击的能力。BSG具有非常简单的算法和吸引人的特性。然而,在不同的研究中,利用BSG的输出可以由输入序列的微分唯一表示这一事实对其进行了密码分析。最近,Gouget et al.引入了BSG的两个修改版本,分别命名为MBSG和ABSG,以增加其安全性,并在同一篇论文中介绍了他们的安全性分析。他们给出的针对ABSG和MBSG的最佳攻击复杂度为0 (2L/2),并且需要O(L2L/2)位密钥流。在这项研究中,我们已经证明了BSG, MBSG和ABSG可以使用时间-记忆权衡攻击以时间复杂度0 (2L/3)进行密码分析。该方法需要22L/3个字的内存和O(2L+2L/3)位的密钥流。根据计算机仿真结果,我们发现在BSG和变体中,MBSG是最容易受到攻击的发生器。此外,对于所提出的时间-内存权衡攻击,ABSG不会给原始BSG带来任何额外的安全性
A Time-Memory Trade-off Attack to Bit Search Generator and Its Variants
In 2004, A. Gouget and H. Sibert proposed a new keystream generator called the bit search generator (BSG), to provide high resistance against algebraic attacks. BSG has a very simple algorithm and attractive properties. However it has been cryptanalyzed in different studies by using the fact that output of BSG can be uniquely expressed by differential of the input sequence. Recently, Gouget et al. introduced two modified versions of BSG, named as MBSG and ABSG, to increase its security and also presented their security analysis in the same paper. The best attack that they give against ABSG and MBSG has complexity O(2L/2) and requires O(L2L/2) bits of keystream. In this study, we have shown that BSG, MBSG and ABSG can be cryptanalyzed with a time complexity O(2L/3) by using a time-memory trade-off attack. The method requires 22L/3 words of memory and O(2L+2L/3) bits of keystream. According to computer simulation results, we have found out that MBSG is the most vulnerable generator among BSG and variants to proposed attack. Moreover, ABSG doesn't bring any additional security to original BSG for proposed time-memory trade-off attack
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
