Algebraic attacks have established themselves as a powerful method for the cryptanalysis of LFSR-based keystream generators (e.g., E0 used in Bluetooth). The attack is based on solving an overdetermined system of low-degree equations Rt = 0, where Rt is an expression in the state of the LFSRs at clock t and one or several successive keystream bits zt, . . ., zt+δ. In fast algebraic attacks, new equations of a lower degree are constructed in a precomputation step. This is done by computing appropriate linear combinations of T successive initial equations Rt = 0. The successive data complexity of the attack is the number T of successive equations. We propose a new variant of fast algebraic attacks where the same approach is employed to eliminate some unknowns, making a divide-and-conquer attack possible. In some cases, our variant is applicable whereas the first one is not. Both variants can have a high successive data complexity (e.g., T ≥ 8.822.188 for E0). We describe how to keep it to a minimum and introduce suitable efficient algorithms for the precomputation step. © Springer-Verlag Berlin Heidelberg 2005.
CITATION STYLE
Armknecht, F., & Ars, G. (2005). Introducing a new variant of fast algebraic attacks and minimizing their successive data complexity. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3715 LNCS, pp. 16–32). https://doi.org/10.1007/11554868_3
Mendeley helps you to discover research relevant for your work.