Correlation attacks on stream ciphers: Computing low-weight parity checks based on error-correcting codes

Abstract

The fast correlation attack described bу Meier and Staffelbach [6] on certain classes of stream ciphers, based on linear feedback shift registers, requires that the number of taps of the characteristic polynomial must be small - typically less than 10. The attack can be extended to characteristic polynomials with an arbitrary number of taps if it is possible to compute low-weight polynomial multiples of the feedback polynomial. In this paper we present an algorithm for the efficient computation of low-weight parity checks. The algorithm, based on the theory of cyclic block error-correcting codes, applies the ideas underlying majority-logic decoding of maximal-length codes. A statistical analysis shows that it is not realistic to consider weight-3 parity checks, and hence it is necessary to compute weight-4 parity checks. The proposed algorithm has a worst-case computational complexity of O(22k/3), which is essentially independent of the number of taps of the characteristic polynomial, and is suitable for linear feedback shift registers of approximately 100 bits.