On the existence of secure feedback registers

Abstract

esigners of stream ciphers have generally used ad hoc meth- ods to build systems that are secure against known attacks. There is often a sense that this is the best that can be done, that any system will even- tually fall to a practical attack. In this paper we show that there are families of keystream generators that resist all possible attacks of a very general type in which a small number of known bits of a keystream are used to synthesize a generator of the keystream (called a synthesizing algorithm). Such attacks are exemplified by the Berlekamp-Massey at- tack. We first formalize the notions of a family of feedback registers and of a synthesizing algorithm. We then show that for any function h(n) that is in O(2n/d) for every d > 0, there is a secure family B of periodic sequences in the sense that any efficient synthesizing algorithm outputs a register of size h(log(period(B))) given the required number of bits of a sequence B ∈ B of large enough period. This result is tight in the sense it fails for any faster growing function h(n). We also consider several variations on this scenario.