Some remarks on the cross correlation analysis of pseudo random generators

Abstract

Siegenthaler has shown how cross-correlation techniques can be applied to identify pseudo random generators consisting of linear feedback shift registers and a scrambling function [7]. These techniques may allow to attack one register in such a generator at a time. The original algorithm needs O(R2rN) operations to identify one register. (r denotes the length of the register examined, R the number of primitive polynomials of degree r. and N the minimal number of bits one has to observe). Employing Walsh-Hadamard transform this analysis can be done in O(R(r22+N)) operations [8]. We show that there exists a trade-off between the dimension of the Hadamard matrix and the number of bits required to compute the cross correlation coefficients. The complexity of this attack is O(R(r2r−σ+2σN)). The integer σ can be selected so that the cost of the attack is minimized. The MSR-generator will serve as an example to demonstrate our algorithm. Furthermore we examine the correlation immunity of the S-boxes used in the DES.