SlideShare a Scribd company logo

Module 5 Pseudo Random Sequence(SEE NOW).pptx

Download as PPTX, PDF
A
AdityaAnand843311

Pseudo Random Sequence

Engineering
1 of 47
Module -5 Pseudo-Random-Sequence Generators and Stream Ciphers: Linear Congruential Generators, Linear Feedback Shift Registers, Design and analysis of stream ciphers, Stream ciphers using LFSRs, A5, Hughes XPD/KPD, Nanoteq, Rambutan, Additive generators, Gifford, Algorithm M, PKZIP (Text 2: Chapter 16) Dr RSG 25-12-2023 1
Linear Congruential Generators Dr RSG 25-12-2023 2 Linear congruently generators are pseudo-random-sequence generators of the form Xn = (aXn-1 + b) mod m. In which Xn is the nth number of the sequence, and Xn-1 is the previous number of the sequence. The variables a, b, and m are constants: a is the multiplier, b is the increment, and m is the modulus. The key, or seed, is the value of X0. This generator has a period no greater than m. If a, b, and m are properly chosen, then the generator will be a maximal period generator (sometimes called maximal length) and have period of m. The advantage of linear congruential generators is that they are fast, requiring few operations per bit. Unfortunately, linear congruential generators cannot be used for cryptography.
Feedback Shift Registers A feedback shift register is made up of two parts: a shift registers and a feedback function. The shift register is a sequence of bits. Shift register sequences are used in both cryptography and coding theory. Feedback Shift Registers (FSRs) are used in stream ciphers. Each time the system is clocked, the internal state is shifted right, outputting one symbol, and the new left bit is computed from the previous state by a function f. The Nonlinear Feedback Shift Registers (NLFSRs) use a nonlinear function f. The feedback bit is computed = 𝑓 𝑆𝑡,..., 𝑆𝑡−𝐿+1 Dr RSG 25-12-2023 3 as 𝑆𝑡+1 where f can be any function in L variables. Each time the system is clocked, the internal bits are shifted, s t − L + 1 being output; the new left bit is s t + 1.
25-12-2023 Dr RSG 4 Nonlinear Feedback Shift Register Feedback Shift Register
Linear Feedback Shift Registers Dr RSG 25-12-2023 5 A linear feedback shift register (LSFR) is a shift register that takes a linear function of a previous state as an input. LSFRs are used for digital counters, cryptography and circuit testing. A linear feedback shift register takes a linear function, typically an exclusive OR, as an input. An LSFR, like other shift registers, is a cascade of flip-flop circuits. The bits that change state for the others in the cascade are called taps. Two of the major schemes for connecting taps are Fibonacci and Galois. In the Fibonacci configuration, the taps are cascaded and fed into the leftmost bit. In a Galois configuration, LSFRs are used in cryptography for pseudo-random number generation, pseudo-noise sequences and whitening sequences.
LFSRs are the most common type of shift registers used in cryptography. A 4-bit LFSR tapped at the first and fourth bit. If it is initialized with the value 1 1 1 1, it produces the following sequence of internal states before repeating: 1 1 1 1 0 1 1 1 1 0 1 1 0 1 0 1 1 0 1 0 1 1 0 1 0 1 1 0 0 0 1 1 Dr RSG 25-12-2023 6
1 0 0 1 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 0 1 1 0 0 1 1 1 0 The output sequence is the string of least significant bits: 1 1 1 1 0 1 0 1 1 0 0 1 0 0 0 . . . . Dr RSG 25-12-2023 7
An n-bit LFSR generate a 2n - 1 bit-long pseudo-random sequence before repeating. Only LFSRs with certain tap sequences will cycle through all 2n - 1 internal states; these are the maximal-period LFSRs. The resulting output sequence is called an m-sequence. In order for a particular LFSR to be a maximal-period LFSR, the polynomial formed from a tap sequence plus the constant 1 must be a primitive polynomial mod 2. The degree of the polynomial is the length of the shift register. Primitive trinomials are fastest in software, because only two bits of the shift register have to be XORed to generate each new bit Dr RSG 25-12-2023 8
25-12-2023 Dr RSG 9 Linear Feedback Shift Registers 4 bit Linear Feedback Shift Registers
32-bit long maximal-length LFSR. Dr RSG 25-12-2023 10
LFSRs in Software: LFSRs are slow in software, but they're faster in assembly language than in C. Primitive trinomials are fastest in software, because only two bits of the shift register have to be XORed to generate each new bit. To update shift registers multiply suitable binary matrices to the current state. It is possible to modify LFSR's feedback scheme. Instead of using the bits in the tap sequence to generate the new left-most bit, each bit in the tap sequence is XORed with the output of the generator and replaced; then the output of the generator becomes the new left-most bit. This is called a Galois configuration. The Galois configuration is faster in hardware, especially in custom VLSI implementations. In general, by using hardware that is good at shifts, use a Fibonacci configuration; when exploit parallelism, use Galois configuration. So that, all the XORs are done in single operation. Dr RSG 25-12-2023 11
Design and Analysis of Stream Ciphers two binary words and to implement a vectorized version of a LFSR efficiently. Dr RSG 25-12-2023 12 Most practical stream-cipher designs center around LFSRs. In VLSI circuitry, a LFSR-based stream cipher gives a lot of security with only a few logic gates. LFSRs are very inefficient in software. Hence, any stream cipher should be need to iterate the algorithm 64 times to get 1 bit encrypted output, but in DES a single iteration is enough to get 1bit encrypted output. A simple LFSR algorithm like shrinking generator is no faster than DES software. However, most majority military encryptions systems are based on LFSRs. In most Cray computers (Cray 1, Cray X-MP, Cray Y-MP) are used “population count” instructions. It counts 1 bits in a register and used for both to calculate the Hamming distance between
Linear Complexity: Analyzing stream ciphers is easier than analyzing block ciphers. One important metric used to analyze LFSR-based generators is linear complexity, or linear span. This is defined as the length, n, of the shortest LFSR that can mimic the generator output. Any sequence generated by a finite-state machine over a finite field has a finite linear complexity. Linear complexity is important because a simple algorithm, called the Berlekamp-Massey algorithm, can generate this LFSR after examining only 2n bits of the keystream. Once generated this LFSR, the stream cipher can be broken. A further enhancement is the notion of a linear complexity profile, which measures the linear complexity of the sequence as it gets longer and longer. Hence, a high linear complexity does not necessarily indicate a secure generator, but a low linear complexity indicates an insecure one. Dr RSG 25-12-2023 13
Correlation Immunity Cryptographers are tried to get a high linear complexity by combining the output of several output sequences in some nonlinear manner. However, there is a drawback tragedy that one or more of the internal output sequences—often just outputs of individual LFSRs are correlated with the combined keystream and attacked using linear algebra. This is called a correlation attack or a divide-and- conquer attack. So, there is a trade-off between correlation immunity and linear complexity. The idea behind the correlation attack is to identify some correlation between the output of the generator and the output of one of its internal pieces. Then, by observing the output sequence, it is possible to obtain information about that internal output. Using that information and other correlations, collect information about the other internal outputs until the entire generator is broken. Dr RSG 25-12-2023 14
Other Attacks There are other general attacks against keystream generators. The linear consistency test attempts to identify some subset of the encryption key using matrix techniques. There is also the meet-in-the-middle consistency attack. The linear syndrome algorithm relies on being able to write a fragment of the output sequence as a linear equation. There is the best affine approximation attack and the derived sequence attack. The techniques of differential cryptanalysis have even been applied to stream ciphers as has linear cryptanalysis. Dr RSG 25-12-2023 15
Stream Ciphers Using LFSRs Dr RSG 25-12-2023 16 The basic approach to designing a keystream generator using LFSRs is simple. First take one or more LFSRs, generally of different lengths and with different feedback polynomials. When the lengths are all relatively prime and the feedback polynomials are all primitive, the whole generator is maximal length. The key is the initial state of the LFSRs. Every time a bit shift the LFSRs once (this is sometimes called clocking). The output bit is a function, preferably a nonlinear function, of some of the bits of the LFSRs. This function is called the combining function, and the whole generator is called a combination generator. If the output bit is a function of a single LFSR, the generator is called a filter generator. Some generators have LFSRs clocked at different rates; sometimes the clocking of one generator depends on the output of another. These are all electronic versions of pre- WWII cipher machine ideas, and are called clock-controlled generators. Clock control can be feedforward, where the output of one LFSR controls the clocking of another, or feedback, where the output of one LFSR controls its own clocking.
Geffe Generator This keystream generator uses three LFSRs, combined in a nonlinear manner. Two of the LFSRs are used as the inputs to multiplexer, and the third LFSR controls the output of the multiplexer. If a1, a2, and a3 are the outputs of the three LFSRs, the output of the Geffe generator described by: b = (a1 ^ a2) • ((¬ a1) ^ a3). If the LFSRs have lengths n1, n2, and n3, respectively, then the linear complexity of the generator is (n1 + 1)n2 + n1n3. The period of the generator is the least common multiple of the periods of the three generators. Assuming the degrees of the three primitive feedback polynomials are relatively prime, then the period of this generator is the product of the periods of the three LFSRs. Cryptographically Geffe generator is weak and it falls under correlation attack. The output of the generator equals the output of LFSR-2 about 75 percent of the time. Dr RSG 25-12-2023 17
So, if the feedback taps are known, it is possible to guess the initial value for LFSR- 2 and generate the output sequence of that register. Further, count the number of times the output of the LFSR-2 agrees with the output of the generator. During the wrong guess, the two sequences will agree about 50 percent of the time; For the right guess, the two sequences will agree about 75 percent of the time. Similarly, the output of the generator equals the output of LFSR-3 about 75 percent of the time. With those correlations, the keystream generator can be easily cracked. Geffe Generator Dr RSG 25-12-2023 18
Generalized Geffe Generator Instead of choosing between two LFSRs, this scheme chooses between k LFSRs, as long as k is a power of 2. There are k + 1 LFSRs total. LFSR-1 must be clocked log2k times faster than the other k LFSRs. Even though this scheme is more complex than the Geffe generator, the same kind of correlation attack is possible. Generalized Geffe Generator Dr RSG 25-12-2023 19
Jennings Generator This scheme uses a multiplexer to combine two LFSRs. The multiplexer, controlled by LFSR-1, selects 1 bit of LFSR-2 for each output bit. There is a function, which maps the output of LFSR-2 to the input of the multiplexer. The key is the initial state of the two LFSRs and the mapping function. Although this generator has great statistical properties, it fell to meet-in-the-middle consistency attack and the linear consistency attack. Jennings Generator 25-12-2023 Dr RSG 20
Beth-Piper Stop-and-Go Generator This generator uses the output of one LFSR to control the clock of another LFSR. The clock input of LFSR-2 is controlled by the output of LFSR-1, so that LFSR-2 can change its state at time t only if the output of LFSR-1 was 1 at time t - 1. No one has been able to prove results about this generator’s linear complexity in the general case. However, it falls to a correlation attack. Beth-Piper Stop-and-Go Generator Dr RSG 25-12-2023 21
Alternating Stop-and-Go Generator This generator uses three LFSRs of different length. LFSR-2 is clocked when the output of LFSR-1 is 1; LFSR-3 is clocked when the output of LFSR-1 is 0. The output of the generator is the XOR of LFSR-2 and LFSR-3. This generator has a long period and large linear complexity. However it has correlation attack against LFSR-1, but it does not substantially weaken the generator. Alternating Stop-and-Go Generator Dr RSG 25-12-2023 22
Bilateral Stop-and-Go Generator This generator uses two LFSRs, both of length n. The output of the generator is the XOR of the outputs of each LFSR. If the output of LFSR-2 at time t – 1 is 0 and the output at time t – 2 is 1, then LFSR-2 does not clock at time t. Conversely, if the output of LFSR-1 at time t – 1 is 0 and the output at t – 2 is 1, and if LFSR-1 clocked at time t, then LFSR-2 does not clock at time t. The linear complexity of this system is roughly equal to the period. No evident key redundancy has been observed in this system. Bilateral Stop-and-Go Generator Dr RSG 25-12-2023 23
Threshold Generator This generator tries to get around the security problems of the previous generators by using a variable number of LFSRs. When a lot of LFSRs are used, it’s harder to break the cipher. Here, the lengths of all the LFSRs are relatively prime and all the feedback polynomials are primitive to maximize the period. Now take the output of a large number of LFSRs, If more than half the output bits are 1, then the output of the generator is 1. If more than half the output bits are 0, then the output of the generator is 0. Threshold Generator 25-12-2023 Dr RSG 24
Self-Decimated Generators Self-decimated generators are generators that control their own clock. Two have been proposed, one by Rainer Rueppel and another by Bill Chambers and Dieter Gollmann. In Rueppel's generator, when the output of the LFSR is 0, the LFSR is clocked d times. When the output of the LFSR is 1, the LFSR is clocked k times. Chambers's and Gollmann's generator is more complicated with same concept. Unfortunately both generators are insecure although some modifications have been proposed. Rueppel’s self-decimated generator Dr RSG 25-12-2023 25 Chambers's and Gollmann's self-decimated generator
Multispeed Inner-Product Generator This generator proposed by Massey and Rueppel. It uses two LFSRs clocked at two different speeds. LFSR-2 is clocked d times as fast as LFSR- 1 . The individual bits of the two LFSRs are ANDed together and then XORed with each other to produce the final output bit of the generator. Although this generator has high linear complexity and it possesses excellent statistical properties, it still falls to a linear consistency attack . If n1 is the length of LFSR- 1, n2 is the length of the LFSR-2, and d is the speed multiple between the two, then the internal state of the generator can be recovered from an output sequence of length: n1 + n2 + log2d Multispeed Inner-Product Generator Dr RSG 25-12-2023 26
Summation Generator This generator also proposed by Rainer Rueppel, it adds the output of two LFSRs with carry. This operation is highly nonlinear. Through the late 1980, this generator was the security front-runner, but it fell to a correlation attack. This is an example of a feedback with carry shift register but it can be broken. DNRSG stands for "dynamic random-sequence generator". The idea is to have two different filter generators-threshold, summation, or whatever-fed by a single set of LFSRs and controlled by another LFSR. First clock all the LFSRs, If the output of LFSR-0 is 1, then compute the output of the first filter generator. If the output of LFSR-0 is 0, then compute the output of the second filter generator. The final output is the first output XOR the second. Dr RSG 25-12-2023 27
Gollmann Cascade The Gollmann cascade is a strengthened version of a stop-and-go generator. It consists of a series of LFSRs, with the clock of each controlled by the previous LFSR. If the output of LFSR-1 is 1 at time t - 1 , then LFSR-2 clocks. If the output of LFSR-2 is 1 at time t - 1, then LFSR-3 clocks, and so on. The output of the final LFSR is the output of the generator. If all the LFSRs have the same length, n, the linear complexity of a system with k LFSRs is n(2n-1)k-1 . Cascades are used to generate sequences with huge periods, huge linear complexities, and good statistical properties. They are vulnerable to an attack called lock-in. Using lock-in technique the cryptanalyst reconstructs the input to the last shift register in the cascade, then proceeds to break the cascade register by register. Dr RSG 25-12-2023 28
Gollmann cascade Dr RSG 25-12-2023 29 To avoid the recent attacks in Gollmann cascades, the random sequence approaches k can be increased up to 15 and also use more number of LFSRs of shorter length than fewer number of LFSRs with longer length.
Shrinking Generator The shrinking generator uses a different form of clock control than the previous generators. It has two LFSRs, LFSR- 1 and LFSR-2. Both are clocked simultaneously and the outputs are observed that if LFSR- 1 has output 1 , then the output of the generator is LFSR-2. If the output of LFSR-1 is 0, discard the clock bits of both LFSRs, and try again. This idea is reasonably efficient and looks secure. If the feedback polynomials are sparse, the generator is vulnerable. However, it has one implementation problem that the generator outputs is nothing when LFSR- 1 has a long string of zeros. Dr RSG 25-12-2023 30
Self-Shrinking Generator The self-shrinking generator is a variant of the shrinking generator. In this generator a pairs of bits used in single LFSR, instead of using two LFSRs. Clock the LFSR twice. If the first bit in the pair is 1 , the output of the generator is the second bit. If the first bit is 0, discard both bits and try again. While the self- shrinking generator requires about half the memory space as the shrinking generator, it is also half the speed. While the self-shrinking generator also seems secure, it still has some unexplained behavior and unknown properties. This is a very new generator. Dr RSG 25-12-2023 31
A5 Dr RSG 25-12-2023 32 A5 is the stream cipher used to encrypt GSM (Group Special Mobile). Here a non- American standard is used to encrypt the link from the telephone to the base station for digital cellular mobile telephones. The rest of the link is unencrypted; the telephone company can easily eavesdrop on our conversations. A5 consists of three LFSRs; the register lengths are 19, 22, and 23; all the feedback polynomials are sparse. The output is the XOR of the three LFSRs. A5 uses variable clock control. Each register is clocked based on its own middle bit, XORed with the inverse threshold function of the middle bits of all three registers. Usually, two of the LFSRs clock in each round. There is a trivial attack requiring 240 encryptions: Guess the contents of the first two LFSRs, then try to determine the third LFSR from the keystream. It is clear that the basic ideas behind A5 are good. It is very efficient. It passes all known statistical tests; its only known weakness is that its registers are short enough to make exhaustive search feasible. Variants of A5 with longer shift registers and denser feedback polynomials should be secure.
Hughes XPD/KPD Dr RSG 25-12-2023 33  This XPD algorithm is designed in the year1986 by Hughes Aircraft Corp and it is used as an Export able Protection Device. Later it was renamed KPD—Kinetic Protection Device—and declassified.  The algorithm uses a 61-bit LFSR. There are 210 different primitive feedback Polynomials and the key is selected from one of these polynomials as well as the initial state of the LFSR.  It has eight different nonlinear filters, each of which has six taps from the LFSR and which produces 1 bit. The bits combine to generate a byte, which is used to encrypt or decrypt the data stream.  This algorithm looks pretty impressive, but there must be some attack on the order of 240 or less.
Nanoteq Dr RSG 25-12-2023 34 This algorithm has been fielded by the South African police to encrypt their fax transmissions, and presumably for other uses as well. It uses a 127-bit LFSR with a fixed feedback polynomial; the key is the initial state of the feedback register. The 127 bits of the register are reduced to a single keystream bit using 25 primitive cells. Each cell has five inputs and one output: f(x1,x2,x3,x4,x5) = x1 + x2 + (x1 + x3) (x2 + x4 + x5) + (x1 + x4) (x2 + x3) + x5 Each input of the function is XORed with some bit of the key. There is also a secret permutation that depends on the particular implementation, This algorithm is only available in hardware. Ross Anderson took some initial steps towards cryptanalyzing this algorithm.
Rambutan Dr RSG 25-12-2023 35 Rambutan is a British algorithm, designed by the Communications Electronics Security Group. It is sold as a hardware module and is approved for the protection of classified material up to “Confidential.” The algorithm itself is secret, and the chip is not commercially available. Rambutan has a 112-bit key (plus parity bits) and operate in three modes: ECB (Electronic Codebook), C B C (Cipher Block Chaining), and 8-bit CFB (Cipher Feedback Mode). This indicates strongly that it is a block algorithm. It is a LFSR stream cipher. It has five shift registers, each one of a different length around 80 bits. The feedback polynomials are fairly sparse, with only about 10 taps each. Each shift register provides four inputs to a very large and complex nonlinear function which eventually spits out a single bit.
Additive generators (Lagged Fibonacci generators) are extremely efficient, which produce random words instead of random bits. They are not secure on their own, but it can be used as building blocks for secure generators. The initial state of the generator is an array of n-bit words: 8-bit words, 16-bit words, 32-bit words, whatever: X1, X2, X3,..., Xm. This initial state is the key. The ith word of the generator is Xi = (Xi-a + Xi-b + Xi-c +...+ Xi-m) mod 2n. If the coefficients a, b, c,..., m are chosen right, the period of this generator is at least 2n - 1. One of the requirements on the coefficients is that the least significant bit forms a maximal- length LFSR. Let (55,24,0) is a primitive polynomial mod 2n . Hence, the maximal length of additive generator is. Xi = (Xi-55 + Xi-24) mod 2n. In this example the primitive polynomial has three coefficients. However, for more than three coefficients some additional requirements to make it maximal length. Dr RSG 25-12-2023 36
Fish (Fibonacci shrinking generator) Fish is an additive generator based on techniques used in the shrinking generator. It produces a stream of 32-bit words which can be XORed with a plaintext stream to produce ciphertext, or XORed with a ciphertext stream to produce plaintext. The algorithm is named as it is because it is a Fibonacci shrinking generator. First, use these two additive generators. The key is the initial values of these generators. Ai = (Ai-55 + Ai-24) mod 232 Bi = (Bi-52 + Bi-19) mod 232 These sequences are shrunk, as a pair, depending on the least significant bit of Bi: if it is 1, use the pair; if it is 0, ignore the pair. Cj is the sequence of used words from Ai, and Dj is the sequence of used words from Bi. Dr RSG 25-12-2023 37
These words are used in pairs—C2j, C2j+1, D2j, and D2j+1—to generate two 32-bit output words: K2j and K2j+1. E2j = C2j • (D2j ^ D2j+1) F2j = D2j+1 ^ (E2j ^ C2j+1) K2j = E2j • F2j K2i+1 = C2i+1 • F2j This algorithm is fast. On a 33 megahertz 486, a C implementation of Fish encrypts data at 15 megabits per second. Unfortunately, it is also insecure; an attack has a work factor of about 240 Dr RSG 25-12-2023 38
Pike Pike is a leaner, meaner version of Fish, the man who broke Fish. It uses three additive generators. For example: Ai = (A i-55 + A i-24) mod 232 Bi = (B i-57 + B i-7) mod 232 Ci = (C i-58 + C i-19) mod 232 To generate the keystream word, look at the addition carry bits. If all three agree (all are 0 or all are 1), then clock all three generators. If they do not, just clock the two generators that agree. Save the carry bits for next time. The final output is the XOR of the three generators. Pike is faster than Fish, since on the average 2.75 steps will be required per output rather than 3. It is far new to trust, but looks good so far. Dr RSG 25-12-2023 39
Mush Mush is a mutual shrinking generator. Take two additive generators: A and B. If the carry bit of A is set, clock B. If the carry bit of B is set, clock A. Clock A, and set the carry bit if there is a carry. Clock B, and set the carry bit if there is a carry. The final output is the XOR of the output of A and B. The easiest generators to use are the ones from Fish: Ai = (A i-55 + A i-24) mod 232 Bi = (B i-52 + B i-19) mod 232 On the average, three generator iterations are required to produce one output word. When the coefficients of additive generators are chosen correctly and are relatively prime, the output sequence will be maximal length. This algorithm is very new. Dr RSG 25-12-2023 40
Gifford algorithm was broken in 1994. Dr RSG 25-12-2023 41 David Gifford invented a stream cipher, which is used to encrypt news wire reports in the Boston area from 1984 until 1988. This algorithm has a single 8-byte register: b0, b1,..., b7. The key is the initial state of the register and the algorithm works in Output Feedback mode (OFB). To generate a key byte ki, concatenate b0 and b2 and concatenate b4 and b7. Multiply the two together to get a 32-bit number. The third byte from the left is ki. To update the register, take b1 and sticky right shift it 1 bit. This means the left-most bit is both shifted and also remains in place. Take b7 and shift it 1 bit to the left; there should be a 0 in the right-most bit position. Take the XOR of the modified b1, the modified b7, and b0. Shift the original register 1 byte to the right and put this byte in the left-most position. This
Gifford Method Dr RSG 25-12-2023 42
PKZIP : Roger Schlafly designed the encryption algorithm built into the PKZIP data compression program. It’s a stream cipher that encrypts data one byte at a time. The algorithm uses three 32-bit variables, initialized as follows: K3 = ((K2 | 2) * ((K2 | 2) ^ 1)) >> 8 Dr RSG 25-12-2023 43 K0 = 305419896, K1 = 591751049, K2 = 878082192 . It has an 8-bit key, K3, derived from K2. In this algorithm all symbols are had standard C notation. Ci = Pi ^ K3 K0 = crc32 (K0, Pi) K1 = K1 + (K0 & 0×000000ff) K1 = K1 * 134775813 + 1 K2 = crc32 (K2, K1 >> 24)
The function crc32 takes the previous value and a byte, XORs them, and calculates the next value by the CRC polynomial denoted by 0×edb88320. In practice, a 256- entry table can be precomputed and the crc32 calculation becomes: crc32 (a, b) = (a >> 8) ^ table [(a & 0×ff) • b], The table is precomputed by the original definition of crc32: table [i] = crc32 (i, 0). To encrypt a plaintext stream, first loop the key bytes through the encryption algorithm to update the keys. Ignore the ciphertext output in this step. Then encrypt the plaintext, one byte at a time. Twelve random bytes are prepended to the plaintext. Decryption is similar to encryption, except that Ci is used in the second step of the algorithm instead of Pi. PKZIP encryption is not secure one. An attack requires 40 to 200 bytes of known plaintext and has a time complexity of about 227 . Dr RSG 25-12-2023 44
University questions – Module -5 March -2022 Write an explanatory note on Linear Feedback Shift Register -10 Explain the following with necessary diagrams: (i)Generalized Geffe Generator (ii)Threshold Generator (iii)Alternating stop and go generator -10 Explain Additive generator. Also explain fish and pike additive generator -10 With a neat diagram, explain the concept of Gifford - 6 Write a short note on A5 - 4 Dr RSG 25-12-2023 45
August 2022 Explain LFSR and how the shift register sequences are used in cryptography -10 Write note on: Design and analysis of stream cipher – 10 Write short notes on: (i)Geffe Generator - 6 (ii)A5 to encrypt GSM - 6 (iii)NANOTEQ and RAMBUTAN – 8 January-2023 Explain the linear congruential generators. – 5 With a neat figure, explain the generalized Geffe generator – 7 Dr RSG 25-12-2023 46
With neat figures explain: (i)Beth-piper stop and go generator (ii) Alternating stop and go generator – 8 With neat figure, explain bilateral stop and go generator – 8 Explain Gifford algorithm with relevant diagram – 6 Explain Fish and Pike algorithms with relevant equations – 6 Dr RSG 25-12-2023 47

Recommended

CRYPTO Module 05.in.pdf
CRYPTO Module 05.in.pdfCRYPTO Module 05.in.pdf
CRYPTO Module 05.in.pdfAnushaS405812
 
[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. K
[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. K[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. K
[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. KIJET - International Journal of Engineering and Techniques
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Lfsr report
Lfsr report Lfsr report
Lfsr report Nandana Priyanka Eluri
 
P0460699102
P0460699102P0460699102
P0460699102IJERA Editor
 
ChapterTwoCryptoTheStreamCipherFHSU.pptx
ChapterTwoCryptoTheStreamCipherFHSU.pptxChapterTwoCryptoTheStreamCipherFHSU.pptx
ChapterTwoCryptoTheStreamCipherFHSU.pptxssuser0a47f0
 
LINEAR FEEDBACK SHIFT REGISTER GENETICALLY ADJUSTED FOR SEQUENCE COPYING
LINEAR FEEDBACK SHIFT REGISTER GENETICALLY ADJUSTED FOR SEQUENCE COPYINGLINEAR FEEDBACK SHIFT REGISTER GENETICALLY ADJUSTED FOR SEQUENCE COPYING
LINEAR FEEDBACK SHIFT REGISTER GENETICALLY ADJUSTED FOR SEQUENCE COPYINGAIRCC Publishing Corporation
 
Linear Feedback Shift Register Genetically Adjusted for Sequence Copying
Linear Feedback Shift Register Genetically Adjusted for Sequence CopyingLinear Feedback Shift Register Genetically Adjusted for Sequence Copying
Linear Feedback Shift Register Genetically Adjusted for Sequence CopyingAIRCC Publishing Corporation
 

Recommended

CRYPTO Module 05.in.pdf
CRYPTO Module 05.in.pdfCRYPTO Module 05.in.pdf
CRYPTO Module 05.in.pdfAnushaS405812
 
[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. K
[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. K[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. K
[IJET V2I3P1] Authors: G Hemanth kumar Dr. M. Saravanan, Charan kumar. KIJET - International Journal of Engineering and Techniques
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Lfsr report
Lfsr report Lfsr report
Lfsr report Nandana Priyanka Eluri
 
P0460699102
P0460699102P0460699102
P0460699102IJERA Editor
 
ChapterTwoCryptoTheStreamCipherFHSU.pptx
ChapterTwoCryptoTheStreamCipherFHSU.pptxChapterTwoCryptoTheStreamCipherFHSU.pptx
ChapterTwoCryptoTheStreamCipherFHSU.pptxssuser0a47f0
 
LINEAR FEEDBACK SHIFT REGISTER GENETICALLY ADJUSTED FOR SEQUENCE COPYING
LINEAR FEEDBACK SHIFT REGISTER GENETICALLY ADJUSTED FOR SEQUENCE COPYINGLINEAR FEEDBACK SHIFT REGISTER GENETICALLY ADJUSTED FOR SEQUENCE COPYING
LINEAR FEEDBACK SHIFT REGISTER GENETICALLY ADJUSTED FOR SEQUENCE COPYINGAIRCC Publishing Corporation
 
Linear Feedback Shift Register Genetically Adjusted for Sequence Copying
Linear Feedback Shift Register Genetically Adjusted for Sequence CopyingLinear Feedback Shift Register Genetically Adjusted for Sequence Copying
Linear Feedback Shift Register Genetically Adjusted for Sequence CopyingAIRCC Publishing Corporation
 
On Linear Complexity of Binary Sequences Generated Using Matrix Recurrence Re...
On Linear Complexity of Binary Sequences Generated Using Matrix Recurrence Re...On Linear Complexity of Binary Sequences Generated Using Matrix Recurrence Re...
On Linear Complexity of Binary Sequences Generated Using Matrix Recurrence Re...ijdpsjournal
 
Implementation of UART with BIST Technique Using Low Power LFSR
Implementation of UART with BIST Technique Using Low Power LFSRImplementation of UART with BIST Technique Using Low Power LFSR
Implementation of UART with BIST Technique Using Low Power LFSRIJERA Editor
 
Reconfigurable linear feedback shift register for wireless communication and...
Reconfigurable linear feedback shift register for wireless communication and...Reconfigurable linear feedback shift register for wireless communication and...
Reconfigurable linear feedback shift register for wireless communication and...International Journal of Reconfigurable and Embedded Systems
 
Karsten Nohl
Karsten NohlKarsten Nohl
Karsten NohlInformation Security Awareness Group
 
PRBS generation
PRBS generationPRBS generation
PRBS generationajay singh
 
Ofdm.pptx
Ofdm.pptxOfdm.pptx
Ofdm.pptxAkbarali206563
 
Types Of Window Being Used For The Selected Granule
Types Of Window Being Used For The Selected GranuleTypes Of Window Being Used For The Selected Granule
Types Of Window Being Used For The Selected GranuleLeslie Lee
 
LFSR
LFSRLFSR
LFSRCVR college of Engineering
 
Acquisition of Long Pseudo Code in Dsss Signal
Acquisition of Long Pseudo Code in Dsss SignalAcquisition of Long Pseudo Code in Dsss Signal
Acquisition of Long Pseudo Code in Dsss SignalIJMER
 
Vlsi implementation ofdm
Vlsi implementation ofdmVlsi implementation ofdm
Vlsi implementation ofdmManas Verma
 
Lecture intro to_wcdma
Lecture intro to_wcdmaLecture intro to_wcdma
Lecture intro to_wcdmaGurpreet Singh
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 
Design & Check Cyclic Redundancy Code using VERILOG HDL
Design & Check Cyclic Redundancy Code using VERILOG HDLDesign & Check Cyclic Redundancy Code using VERILOG HDL
Design & Check Cyclic Redundancy Code using VERILOG HDLijsrd.com
 
Implementation of UART with Status Register using Multi Bit Flip-Flop
Implementation of UART with Status Register using Multi Bit Flip-FlopImplementation of UART with Status Register using Multi Bit Flip-Flop
Implementation of UART with Status Register using Multi Bit Flip-FlopIJMER
 
Achieving Reduced Area and Power with Multi Bit Flip-Flop When Implemented In...
Achieving Reduced Area and Power with Multi Bit Flip-Flop When Implemented In...Achieving Reduced Area and Power with Multi Bit Flip-Flop When Implemented In...
Achieving Reduced Area and Power with Multi Bit Flip-Flop When Implemented In...IJERA Editor
 
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...IOSR Journals
 
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...IOSR Journals
 
Fpga implementation of utmi with usb 2.O
Fpga implementation of utmi with usb 2.O Fpga implementation of utmi with usb 2.O
Fpga implementation of utmi with usb 2.O Mathew George
 
FPGA-based Design System for a Two-Segment Fibonacci LFSR Random Number Gener...
FPGA-based Design System for a Two-Segment Fibonacci LFSR Random Number Gener...FPGA-based Design System for a Two-Segment Fibonacci LFSR Random Number Gener...
FPGA-based Design System for a Two-Segment Fibonacci LFSR Random Number Gener...IJECEIAES
 
Pseudo Random Bit Sequence Generator
Pseudo Random Bit Sequence Generator Pseudo Random Bit Sequence Generator
Pseudo Random Bit Sequence Generator ajay singh
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 

More Related Content

Similar to Module 5 Pseudo Random Sequence(SEE NOW).pptx

On Linear Complexity of Binary Sequences Generated Using Matrix Recurrence Re...
On Linear Complexity of Binary Sequences Generated Using Matrix Recurrence Re...On Linear Complexity of Binary Sequences Generated Using Matrix Recurrence Re...
On Linear Complexity of Binary Sequences Generated Using Matrix Recurrence Re...ijdpsjournal
 
Implementation of UART with BIST Technique Using Low Power LFSR
Implementation of UART with BIST Technique Using Low Power LFSRImplementation of UART with BIST Technique Using Low Power LFSR
Implementation of UART with BIST Technique Using Low Power LFSRIJERA Editor
 
PRBS generation
PRBS generationPRBS generation
PRBS generationajay singh
 
Types Of Window Being Used For The Selected Granule
Types Of Window Being Used For The Selected GranuleTypes Of Window Being Used For The Selected Granule
Types Of Window Being Used For The Selected GranuleLeslie Lee
 
Acquisition of Long Pseudo Code in Dsss Signal
Acquisition of Long Pseudo Code in Dsss SignalAcquisition of Long Pseudo Code in Dsss Signal
Acquisition of Long Pseudo Code in Dsss SignalIJMER
 
Vlsi implementation ofdm
Vlsi implementation ofdmVlsi implementation ofdm
Vlsi implementation ofdmManas Verma
 
Lecture intro to_wcdma
Lecture intro to_wcdmaLecture intro to_wcdma
Lecture intro to_wcdmaGurpreet Singh
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 
Design & Check Cyclic Redundancy Code using VERILOG HDL
Design & Check Cyclic Redundancy Code using VERILOG HDLDesign & Check Cyclic Redundancy Code using VERILOG HDL
Design & Check Cyclic Redundancy Code using VERILOG HDLijsrd.com
 
Implementation of UART with Status Register using Multi Bit Flip-Flop
Implementation of UART with Status Register using Multi Bit Flip-FlopImplementation of UART with Status Register using Multi Bit Flip-Flop
Implementation of UART with Status Register using Multi Bit Flip-FlopIJMER
 
Achieving Reduced Area and Power with Multi Bit Flip-Flop When Implemented In...
Achieving Reduced Area and Power with Multi Bit Flip-Flop When Implemented In...Achieving Reduced Area and Power with Multi Bit Flip-Flop When Implemented In...
Achieving Reduced Area and Power with Multi Bit Flip-Flop When Implemented In...IJERA Editor
 
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...IOSR Journals
 
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...IOSR Journals
 
Fpga implementation of utmi with usb 2.O
Fpga implementation of utmi with usb 2.O Fpga implementation of utmi with usb 2.O
Fpga implementation of utmi with usb 2.O Mathew George
 
FPGA-based Design System for a Two-Segment Fibonacci LFSR Random Number Gener...
FPGA-based Design System for a Two-Segment Fibonacci LFSR Random Number Gener...FPGA-based Design System for a Two-Segment Fibonacci LFSR Random Number Gener...
FPGA-based Design System for a Two-Segment Fibonacci LFSR Random Number Gener...IJECEIAES
 
Pseudo Random Bit Sequence Generator
Pseudo Random Bit Sequence Generator Pseudo Random Bit Sequence Generator
Pseudo Random Bit Sequence Generator ajay singh
 

Similar to Module 5 Pseudo Random Sequence(SEE NOW).pptx (20)

On Linear Complexity of Binary Sequences Generated Using Matrix Recurrence Re...
On Linear Complexity of Binary Sequences Generated Using Matrix Recurrence Re...On Linear Complexity of Binary Sequences Generated Using Matrix Recurrence Re...
On Linear Complexity of Binary Sequences Generated Using Matrix Recurrence Re...
 
Implementation of UART with BIST Technique Using Low Power LFSR
Implementation of UART with BIST Technique Using Low Power LFSRImplementation of UART with BIST Technique Using Low Power LFSR
Implementation of UART with BIST Technique Using Low Power LFSR
 
Reconfigurable linear feedback shift register for wireless communication and...
Reconfigurable linear feedback shift register for wireless communication and...Reconfigurable linear feedback shift register for wireless communication and...
Reconfigurable linear feedback shift register for wireless communication and...
 
Karsten Nohl
Karsten NohlKarsten Nohl
Karsten Nohl
 
PRBS generation
PRBS generationPRBS generation
PRBS generation
 
Ofdm.pptx
Ofdm.pptxOfdm.pptx
Ofdm.pptx
 
Types Of Window Being Used For The Selected Granule
Types Of Window Being Used For The Selected GranuleTypes Of Window Being Used For The Selected Granule
Types Of Window Being Used For The Selected Granule
 
LFSR
LFSRLFSR
LFSR
 
Acquisition of Long Pseudo Code in Dsss Signal
Acquisition of Long Pseudo Code in Dsss SignalAcquisition of Long Pseudo Code in Dsss Signal
Acquisition of Long Pseudo Code in Dsss Signal
 
Vlsi implementation ofdm
Vlsi implementation ofdmVlsi implementation ofdm
Vlsi implementation ofdm
 
Lecture intro to_wcdma
Lecture intro to_wcdmaLecture intro to_wcdma
Lecture intro to_wcdma
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream Ciphers
 
Design & Check Cyclic Redundancy Code using VERILOG HDL
Design & Check Cyclic Redundancy Code using VERILOG HDLDesign & Check Cyclic Redundancy Code using VERILOG HDL
Design & Check Cyclic Redundancy Code using VERILOG HDL
 
Implementation of UART with Status Register using Multi Bit Flip-Flop
Implementation of UART with Status Register using Multi Bit Flip-FlopImplementation of UART with Status Register using Multi Bit Flip-Flop
Implementation of UART with Status Register using Multi Bit Flip-Flop
 
Achieving Reduced Area and Power with Multi Bit Flip-Flop When Implemented In...
Achieving Reduced Area and Power with Multi Bit Flip-Flop When Implemented In...Achieving Reduced Area and Power with Multi Bit Flip-Flop When Implemented In...
Achieving Reduced Area and Power with Multi Bit Flip-Flop When Implemented In...
 
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
 
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
Implementation of XOR Based Pad Generation Mutual Authentication Protocol for...
 
Fpga implementation of utmi with usb 2.O
Fpga implementation of utmi with usb 2.O Fpga implementation of utmi with usb 2.O
Fpga implementation of utmi with usb 2.O
 
FPGA-based Design System for a Two-Segment Fibonacci LFSR Random Number Gener...
FPGA-based Design System for a Two-Segment Fibonacci LFSR Random Number Gener...FPGA-based Design System for a Two-Segment Fibonacci LFSR Random Number Gener...
FPGA-based Design System for a Two-Segment Fibonacci LFSR Random Number Gener...
 
Pseudo Random Bit Sequence Generator
Pseudo Random Bit Sequence Generator Pseudo Random Bit Sequence Generator
Pseudo Random Bit Sequence Generator
 

Recently uploaded

Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Christo Ananth
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdfKamal Acharya
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)simmis5
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduitsrknatarajan
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 

Recently uploaded (20)

Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISUNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 

Module 5 Pseudo Random Sequence(SEE NOW).pptx

  • 1. Module -5 Pseudo-Random-Sequence Generators and Stream Ciphers: Linear Congruential Generators, Linear Feedback Shift Registers, Design and analysis of stream ciphers, Stream ciphers using LFSRs, A5, Hughes XPD/KPD, Nanoteq, Rambutan, Additive generators, Gifford, Algorithm M, PKZIP (Text 2: Chapter 16) Dr RSG 25-12-2023 1
  • 2. Linear Congruential Generators Dr RSG 25-12-2023 2 Linear congruently generators are pseudo-random-sequence generators of the form Xn = (aXn-1 + b) mod m. In which Xn is the nth number of the sequence, and Xn-1 is the previous number of the sequence. The variables a, b, and m are constants: a is the multiplier, b is the increment, and m is the modulus. The key, or seed, is the value of X0. This generator has a period no greater than m. If a, b, and m are properly chosen, then the generator will be a maximal period generator (sometimes called maximal length) and have period of m. The advantage of linear congruential generators is that they are fast, requiring few operations per bit. Unfortunately, linear congruential generators cannot be used for cryptography.
  • 3. Feedback Shift Registers A feedback shift register is made up of two parts: a shift registers and a feedback function. The shift register is a sequence of bits. Shift register sequences are used in both cryptography and coding theory. Feedback Shift Registers (FSRs) are used in stream ciphers. Each time the system is clocked, the internal state is shifted right, outputting one symbol, and the new left bit is computed from the previous state by a function f. The Nonlinear Feedback Shift Registers (NLFSRs) use a nonlinear function f. The feedback bit is computed = 𝑓 𝑆𝑡,..., 𝑆𝑡−𝐿+1 Dr RSG 25-12-2023 3 as 𝑆𝑡+1 where f can be any function in L variables. Each time the system is clocked, the internal bits are shifted, s t − L + 1 being output; the new left bit is s t + 1.
  • 4. 25-12-2023 Dr RSG 4 Nonlinear Feedback Shift Register Feedback Shift Register
  • 5. Linear Feedback Shift Registers Dr RSG 25-12-2023 5 A linear feedback shift register (LSFR) is a shift register that takes a linear function of a previous state as an input. LSFRs are used for digital counters, cryptography and circuit testing. A linear feedback shift register takes a linear function, typically an exclusive OR, as an input. An LSFR, like other shift registers, is a cascade of flip-flop circuits. The bits that change state for the others in the cascade are called taps. Two of the major schemes for connecting taps are Fibonacci and Galois. In the Fibonacci configuration, the taps are cascaded and fed into the leftmost bit. In a Galois configuration, LSFRs are used in cryptography for pseudo-random number generation, pseudo-noise sequences and whitening sequences.
  • 6. LFSRs are the most common type of shift registers used in cryptography. A 4-bit LFSR tapped at the first and fourth bit. If it is initialized with the value 1 1 1 1, it produces the following sequence of internal states before repeating: 1 1 1 1 0 1 1 1 1 0 1 1 0 1 0 1 1 0 1 0 1 1 0 1 0 1 1 0 0 0 1 1 Dr RSG 25-12-2023 6
  • 7. 1 0 0 1 0 1 0 0 0 0 1 0 0 0 0 1 1 0 0 0 1 1 0 0 1 1 1 0 The output sequence is the string of least significant bits: 1 1 1 1 0 1 0 1 1 0 0 1 0 0 0 . . . . Dr RSG 25-12-2023 7
  • 8. An n-bit LFSR generate a 2n - 1 bit-long pseudo-random sequence before repeating. Only LFSRs with certain tap sequences will cycle through all 2n - 1 internal states; these are the maximal-period LFSRs. The resulting output sequence is called an m-sequence. In order for a particular LFSR to be a maximal-period LFSR, the polynomial formed from a tap sequence plus the constant 1 must be a primitive polynomial mod 2. The degree of the polynomial is the length of the shift register. Primitive trinomials are fastest in software, because only two bits of the shift register have to be XORed to generate each new bit Dr RSG 25-12-2023 8
  • 9. 25-12-2023 Dr RSG 9 Linear Feedback Shift Registers 4 bit Linear Feedback Shift Registers
  • 10. 32-bit long maximal-length LFSR. Dr RSG 25-12-2023 10
  • 11. LFSRs in Software: LFSRs are slow in software, but they're faster in assembly language than in C. Primitive trinomials are fastest in software, because only two bits of the shift register have to be XORed to generate each new bit. To update shift registers multiply suitable binary matrices to the current state. It is possible to modify LFSR's feedback scheme. Instead of using the bits in the tap sequence to generate the new left-most bit, each bit in the tap sequence is XORed with the output of the generator and replaced; then the output of the generator becomes the new left-most bit. This is called a Galois configuration. The Galois configuration is faster in hardware, especially in custom VLSI implementations. In general, by using hardware that is good at shifts, use a Fibonacci configuration; when exploit parallelism, use Galois configuration. So that, all the XORs are done in single operation. Dr RSG 25-12-2023 11
  • 12. Design and Analysis of Stream Ciphers two binary words and to implement a vectorized version of a LFSR efficiently. Dr RSG 25-12-2023 12 Most practical stream-cipher designs center around LFSRs. In VLSI circuitry, a LFSR-based stream cipher gives a lot of security with only a few logic gates. LFSRs are very inefficient in software. Hence, any stream cipher should be need to iterate the algorithm 64 times to get 1 bit encrypted output, but in DES a single iteration is enough to get 1bit encrypted output. A simple LFSR algorithm like shrinking generator is no faster than DES software. However, most majority military encryptions systems are based on LFSRs. In most Cray computers (Cray 1, Cray X-MP, Cray Y-MP) are used “population count” instructions. It counts 1 bits in a register and used for both to calculate the Hamming distance between
  • 13. Linear Complexity: Analyzing stream ciphers is easier than analyzing block ciphers. One important metric used to analyze LFSR-based generators is linear complexity, or linear span. This is defined as the length, n, of the shortest LFSR that can mimic the generator output. Any sequence generated by a finite-state machine over a finite field has a finite linear complexity. Linear complexity is important because a simple algorithm, called the Berlekamp-Massey algorithm, can generate this LFSR after examining only 2n bits of the keystream. Once generated this LFSR, the stream cipher can be broken. A further enhancement is the notion of a linear complexity profile, which measures the linear complexity of the sequence as it gets longer and longer. Hence, a high linear complexity does not necessarily indicate a secure generator, but a low linear complexity indicates an insecure one. Dr RSG 25-12-2023 13
  • 14. Correlation Immunity Cryptographers are tried to get a high linear complexity by combining the output of several output sequences in some nonlinear manner. However, there is a drawback tragedy that one or more of the internal output sequences—often just outputs of individual LFSRs are correlated with the combined keystream and attacked using linear algebra. This is called a correlation attack or a divide-and- conquer attack. So, there is a trade-off between correlation immunity and linear complexity. The idea behind the correlation attack is to identify some correlation between the output of the generator and the output of one of its internal pieces. Then, by observing the output sequence, it is possible to obtain information about that internal output. Using that information and other correlations, collect information about the other internal outputs until the entire generator is broken. Dr RSG 25-12-2023 14
  • 15. Other Attacks There are other general attacks against keystream generators. The linear consistency test attempts to identify some subset of the encryption key using matrix techniques. There is also the meet-in-the-middle consistency attack. The linear syndrome algorithm relies on being able to write a fragment of the output sequence as a linear equation. There is the best affine approximation attack and the derived sequence attack. The techniques of differential cryptanalysis have even been applied to stream ciphers as has linear cryptanalysis. Dr RSG 25-12-2023 15
  • 16. Stream Ciphers Using LFSRs Dr RSG 25-12-2023 16 The basic approach to designing a keystream generator using LFSRs is simple. First take one or more LFSRs, generally of different lengths and with different feedback polynomials. When the lengths are all relatively prime and the feedback polynomials are all primitive, the whole generator is maximal length. The key is the initial state of the LFSRs. Every time a bit shift the LFSRs once (this is sometimes called clocking). The output bit is a function, preferably a nonlinear function, of some of the bits of the LFSRs. This function is called the combining function, and the whole generator is called a combination generator. If the output bit is a function of a single LFSR, the generator is called a filter generator. Some generators have LFSRs clocked at different rates; sometimes the clocking of one generator depends on the output of another. These are all electronic versions of pre- WWII cipher machine ideas, and are called clock-controlled generators. Clock control can be feedforward, where the output of one LFSR controls the clocking of another, or feedback, where the output of one LFSR controls its own clocking.
  • 17. Geffe Generator This keystream generator uses three LFSRs, combined in a nonlinear manner. Two of the LFSRs are used as the inputs to multiplexer, and the third LFSR controls the output of the multiplexer. If a1, a2, and a3 are the outputs of the three LFSRs, the output of the Geffe generator described by: b = (a1 ^ a2) • ((¬ a1) ^ a3). If the LFSRs have lengths n1, n2, and n3, respectively, then the linear complexity of the generator is (n1 + 1)n2 + n1n3. The period of the generator is the least common multiple of the periods of the three generators. Assuming the degrees of the three primitive feedback polynomials are relatively prime, then the period of this generator is the product of the periods of the three LFSRs. Cryptographically Geffe generator is weak and it falls under correlation attack. The output of the generator equals the output of LFSR-2 about 75 percent of the time. Dr RSG 25-12-2023 17
  • 18. So, if the feedback taps are known, it is possible to guess the initial value for LFSR- 2 and generate the output sequence of that register. Further, count the number of times the output of the LFSR-2 agrees with the output of the generator. During the wrong guess, the two sequences will agree about 50 percent of the time; For the right guess, the two sequences will agree about 75 percent of the time. Similarly, the output of the generator equals the output of LFSR-3 about 75 percent of the time. With those correlations, the keystream generator can be easily cracked. Geffe Generator Dr RSG 25-12-2023 18
  • 19. Generalized Geffe Generator Instead of choosing between two LFSRs, this scheme chooses between k LFSRs, as long as k is a power of 2. There are k + 1 LFSRs total. LFSR-1 must be clocked log2k times faster than the other k LFSRs. Even though this scheme is more complex than the Geffe generator, the same kind of correlation attack is possible. Generalized Geffe Generator Dr RSG 25-12-2023 19
  • 20. Jennings Generator This scheme uses a multiplexer to combine two LFSRs. The multiplexer, controlled by LFSR-1, selects 1 bit of LFSR-2 for each output bit. There is a function, which maps the output of LFSR-2 to the input of the multiplexer. The key is the initial state of the two LFSRs and the mapping function. Although this generator has great statistical properties, it fell to meet-in-the-middle consistency attack and the linear consistency attack. Jennings Generator 25-12-2023 Dr RSG 20
  • 21. Beth-Piper Stop-and-Go Generator This generator uses the output of one LFSR to control the clock of another LFSR. The clock input of LFSR-2 is controlled by the output of LFSR-1, so that LFSR-2 can change its state at time t only if the output of LFSR-1 was 1 at time t - 1. No one has been able to prove results about this generator’s linear complexity in the general case. However, it falls to a correlation attack. Beth-Piper Stop-and-Go Generator Dr RSG 25-12-2023 21
  • 22. Alternating Stop-and-Go Generator This generator uses three LFSRs of different length. LFSR-2 is clocked when the output of LFSR-1 is 1; LFSR-3 is clocked when the output of LFSR-1 is 0. The output of the generator is the XOR of LFSR-2 and LFSR-3. This generator has a long period and large linear complexity. However it has correlation attack against LFSR-1, but it does not substantially weaken the generator. Alternating Stop-and-Go Generator Dr RSG 25-12-2023 22
  • 23. Bilateral Stop-and-Go Generator This generator uses two LFSRs, both of length n. The output of the generator is the XOR of the outputs of each LFSR. If the output of LFSR-2 at time t – 1 is 0 and the output at time t – 2 is 1, then LFSR-2 does not clock at time t. Conversely, if the output of LFSR-1 at time t – 1 is 0 and the output at t – 2 is 1, and if LFSR-1 clocked at time t, then LFSR-2 does not clock at time t. The linear complexity of this system is roughly equal to the period. No evident key redundancy has been observed in this system. Bilateral Stop-and-Go Generator Dr RSG 25-12-2023 23
  • 24. Threshold Generator This generator tries to get around the security problems of the previous generators by using a variable number of LFSRs. When a lot of LFSRs are used, it’s harder to break the cipher. Here, the lengths of all the LFSRs are relatively prime and all the feedback polynomials are primitive to maximize the period. Now take the output of a large number of LFSRs, If more than half the output bits are 1, then the output of the generator is 1. If more than half the output bits are 0, then the output of the generator is 0. Threshold Generator 25-12-2023 Dr RSG 24
  • 25. Self-Decimated Generators Self-decimated generators are generators that control their own clock. Two have been proposed, one by Rainer Rueppel and another by Bill Chambers and Dieter Gollmann. In Rueppel's generator, when the output of the LFSR is 0, the LFSR is clocked d times. When the output of the LFSR is 1, the LFSR is clocked k times. Chambers's and Gollmann's generator is more complicated with same concept. Unfortunately both generators are insecure although some modifications have been proposed. Rueppel’s self-decimated generator Dr RSG 25-12-2023 25 Chambers's and Gollmann's self-decimated generator
  • 26. Multispeed Inner-Product Generator This generator proposed by Massey and Rueppel. It uses two LFSRs clocked at two different speeds. LFSR-2 is clocked d times as fast as LFSR- 1 . The individual bits of the two LFSRs are ANDed together and then XORed with each other to produce the final output bit of the generator. Although this generator has high linear complexity and it possesses excellent statistical properties, it still falls to a linear consistency attack . If n1 is the length of LFSR- 1, n2 is the length of the LFSR-2, and d is the speed multiple between the two, then the internal state of the generator can be recovered from an output sequence of length: n1 + n2 + log2d Multispeed Inner-Product Generator Dr RSG 25-12-2023 26
  • 27. Summation Generator This generator also proposed by Rainer Rueppel, it adds the output of two LFSRs with carry. This operation is highly nonlinear. Through the late 1980, this generator was the security front-runner, but it fell to a correlation attack. This is an example of a feedback with carry shift register but it can be broken. DNRSG stands for "dynamic random-sequence generator". The idea is to have two different filter generators-threshold, summation, or whatever-fed by a single set of LFSRs and controlled by another LFSR. First clock all the LFSRs, If the output of LFSR-0 is 1, then compute the output of the first filter generator. If the output of LFSR-0 is 0, then compute the output of the second filter generator. The final output is the first output XOR the second. Dr RSG 25-12-2023 27
  • 28. Gollmann Cascade The Gollmann cascade is a strengthened version of a stop-and-go generator. It consists of a series of LFSRs, with the clock of each controlled by the previous LFSR. If the output of LFSR-1 is 1 at time t - 1 , then LFSR-2 clocks. If the output of LFSR-2 is 1 at time t - 1, then LFSR-3 clocks, and so on. The output of the final LFSR is the output of the generator. If all the LFSRs have the same length, n, the linear complexity of a system with k LFSRs is n(2n-1)k-1 . Cascades are used to generate sequences with huge periods, huge linear complexities, and good statistical properties. They are vulnerable to an attack called lock-in. Using lock-in technique the cryptanalyst reconstructs the input to the last shift register in the cascade, then proceeds to break the cascade register by register. Dr RSG 25-12-2023 28
  • 29. Gollmann cascade Dr RSG 25-12-2023 29 To avoid the recent attacks in Gollmann cascades, the random sequence approaches k can be increased up to 15 and also use more number of LFSRs of shorter length than fewer number of LFSRs with longer length.
  • 30. Shrinking Generator The shrinking generator uses a different form of clock control than the previous generators. It has two LFSRs, LFSR- 1 and LFSR-2. Both are clocked simultaneously and the outputs are observed that if LFSR- 1 has output 1 , then the output of the generator is LFSR-2. If the output of LFSR-1 is 0, discard the clock bits of both LFSRs, and try again. This idea is reasonably efficient and looks secure. If the feedback polynomials are sparse, the generator is vulnerable. However, it has one implementation problem that the generator outputs is nothing when LFSR- 1 has a long string of zeros. Dr RSG 25-12-2023 30
  • 31. Self-Shrinking Generator The self-shrinking generator is a variant of the shrinking generator. In this generator a pairs of bits used in single LFSR, instead of using two LFSRs. Clock the LFSR twice. If the first bit in the pair is 1 , the output of the generator is the second bit. If the first bit is 0, discard both bits and try again. While the self- shrinking generator requires about half the memory space as the shrinking generator, it is also half the speed. While the self-shrinking generator also seems secure, it still has some unexplained behavior and unknown properties. This is a very new generator. Dr RSG 25-12-2023 31
  • 32. A5 Dr RSG 25-12-2023 32 A5 is the stream cipher used to encrypt GSM (Group Special Mobile). Here a non- American standard is used to encrypt the link from the telephone to the base station for digital cellular mobile telephones. The rest of the link is unencrypted; the telephone company can easily eavesdrop on our conversations. A5 consists of three LFSRs; the register lengths are 19, 22, and 23; all the feedback polynomials are sparse. The output is the XOR of the three LFSRs. A5 uses variable clock control. Each register is clocked based on its own middle bit, XORed with the inverse threshold function of the middle bits of all three registers. Usually, two of the LFSRs clock in each round. There is a trivial attack requiring 240 encryptions: Guess the contents of the first two LFSRs, then try to determine the third LFSR from the keystream. It is clear that the basic ideas behind A5 are good. It is very efficient. It passes all known statistical tests; its only known weakness is that its registers are short enough to make exhaustive search feasible. Variants of A5 with longer shift registers and denser feedback polynomials should be secure.
  • 33. Hughes XPD/KPD Dr RSG 25-12-2023 33  This XPD algorithm is designed in the year1986 by Hughes Aircraft Corp and it is used as an Export able Protection Device. Later it was renamed KPD—Kinetic Protection Device—and declassified.  The algorithm uses a 61-bit LFSR. There are 210 different primitive feedback Polynomials and the key is selected from one of these polynomials as well as the initial state of the LFSR.  It has eight different nonlinear filters, each of which has six taps from the LFSR and which produces 1 bit. The bits combine to generate a byte, which is used to encrypt or decrypt the data stream.  This algorithm looks pretty impressive, but there must be some attack on the order of 240 or less.
  • 34. Nanoteq Dr RSG 25-12-2023 34 This algorithm has been fielded by the South African police to encrypt their fax transmissions, and presumably for other uses as well. It uses a 127-bit LFSR with a fixed feedback polynomial; the key is the initial state of the feedback register. The 127 bits of the register are reduced to a single keystream bit using 25 primitive cells. Each cell has five inputs and one output: f(x1,x2,x3,x4,x5) = x1 + x2 + (x1 + x3) (x2 + x4 + x5) + (x1 + x4) (x2 + x3) + x5 Each input of the function is XORed with some bit of the key. There is also a secret permutation that depends on the particular implementation, This algorithm is only available in hardware. Ross Anderson took some initial steps towards cryptanalyzing this algorithm.
  • 35. Rambutan Dr RSG 25-12-2023 35 Rambutan is a British algorithm, designed by the Communications Electronics Security Group. It is sold as a hardware module and is approved for the protection of classified material up to “Confidential.” The algorithm itself is secret, and the chip is not commercially available. Rambutan has a 112-bit key (plus parity bits) and operate in three modes: ECB (Electronic Codebook), C B C (Cipher Block Chaining), and 8-bit CFB (Cipher Feedback Mode). This indicates strongly that it is a block algorithm. It is a LFSR stream cipher. It has five shift registers, each one of a different length around 80 bits. The feedback polynomials are fairly sparse, with only about 10 taps each. Each shift register provides four inputs to a very large and complex nonlinear function which eventually spits out a single bit.
  • 36. Additive generators (Lagged Fibonacci generators) are extremely efficient, which produce random words instead of random bits. They are not secure on their own, but it can be used as building blocks for secure generators. The initial state of the generator is an array of n-bit words: 8-bit words, 16-bit words, 32-bit words, whatever: X1, X2, X3,..., Xm. This initial state is the key. The ith word of the generator is Xi = (Xi-a + Xi-b + Xi-c +...+ Xi-m) mod 2n. If the coefficients a, b, c,..., m are chosen right, the period of this generator is at least 2n - 1. One of the requirements on the coefficients is that the least significant bit forms a maximal- length LFSR. Let (55,24,0) is a primitive polynomial mod 2n . Hence, the maximal length of additive generator is. Xi = (Xi-55 + Xi-24) mod 2n. In this example the primitive polynomial has three coefficients. However, for more than three coefficients some additional requirements to make it maximal length. Dr RSG 25-12-2023 36
  • 37. Fish (Fibonacci shrinking generator) Fish is an additive generator based on techniques used in the shrinking generator. It produces a stream of 32-bit words which can be XORed with a plaintext stream to produce ciphertext, or XORed with a ciphertext stream to produce plaintext. The algorithm is named as it is because it is a Fibonacci shrinking generator. First, use these two additive generators. The key is the initial values of these generators. Ai = (Ai-55 + Ai-24) mod 232 Bi = (Bi-52 + Bi-19) mod 232 These sequences are shrunk, as a pair, depending on the least significant bit of Bi: if it is 1, use the pair; if it is 0, ignore the pair. Cj is the sequence of used words from Ai, and Dj is the sequence of used words from Bi. Dr RSG 25-12-2023 37
  • 38. These words are used in pairs—C2j, C2j+1, D2j, and D2j+1—to generate two 32-bit output words: K2j and K2j+1. E2j = C2j • (D2j ^ D2j+1) F2j = D2j+1 ^ (E2j ^ C2j+1) K2j = E2j • F2j K2i+1 = C2i+1 • F2j This algorithm is fast. On a 33 megahertz 486, a C implementation of Fish encrypts data at 15 megabits per second. Unfortunately, it is also insecure; an attack has a work factor of about 240 Dr RSG 25-12-2023 38
  • 39. Pike Pike is a leaner, meaner version of Fish, the man who broke Fish. It uses three additive generators. For example: Ai = (A i-55 + A i-24) mod 232 Bi = (B i-57 + B i-7) mod 232 Ci = (C i-58 + C i-19) mod 232 To generate the keystream word, look at the addition carry bits. If all three agree (all are 0 or all are 1), then clock all three generators. If they do not, just clock the two generators that agree. Save the carry bits for next time. The final output is the XOR of the three generators. Pike is faster than Fish, since on the average 2.75 steps will be required per output rather than 3. It is far new to trust, but looks good so far. Dr RSG 25-12-2023 39
  • 40. Mush Mush is a mutual shrinking generator. Take two additive generators: A and B. If the carry bit of A is set, clock B. If the carry bit of B is set, clock A. Clock A, and set the carry bit if there is a carry. Clock B, and set the carry bit if there is a carry. The final output is the XOR of the output of A and B. The easiest generators to use are the ones from Fish: Ai = (A i-55 + A i-24) mod 232 Bi = (B i-52 + B i-19) mod 232 On the average, three generator iterations are required to produce one output word. When the coefficients of additive generators are chosen correctly and are relatively prime, the output sequence will be maximal length. This algorithm is very new. Dr RSG 25-12-2023 40
  • 41. Gifford algorithm was broken in 1994. Dr RSG 25-12-2023 41 David Gifford invented a stream cipher, which is used to encrypt news wire reports in the Boston area from 1984 until 1988. This algorithm has a single 8-byte register: b0, b1,..., b7. The key is the initial state of the register and the algorithm works in Output Feedback mode (OFB). To generate a key byte ki, concatenate b0 and b2 and concatenate b4 and b7. Multiply the two together to get a 32-bit number. The third byte from the left is ki. To update the register, take b1 and sticky right shift it 1 bit. This means the left-most bit is both shifted and also remains in place. Take b7 and shift it 1 bit to the left; there should be a 0 in the right-most bit position. Take the XOR of the modified b1, the modified b7, and b0. Shift the original register 1 byte to the right and put this byte in the left-most position. This
  • 42. Gifford Method Dr RSG 25-12-2023 42
  • 43. PKZIP : Roger Schlafly designed the encryption algorithm built into the PKZIP data compression program. It’s a stream cipher that encrypts data one byte at a time. The algorithm uses three 32-bit variables, initialized as follows: K3 = ((K2 | 2) * ((K2 | 2) ^ 1)) >> 8 Dr RSG 25-12-2023 43 K0 = 305419896, K1 = 591751049, K2 = 878082192 . It has an 8-bit key, K3, derived from K2. In this algorithm all symbols are had standard C notation. Ci = Pi ^ K3 K0 = crc32 (K0, Pi) K1 = K1 + (K0 & 0×000000ff) K1 = K1 * 134775813 + 1 K2 = crc32 (K2, K1 >> 24)
  • 44. The function crc32 takes the previous value and a byte, XORs them, and calculates the next value by the CRC polynomial denoted by 0×edb88320. In practice, a 256- entry table can be precomputed and the crc32 calculation becomes: crc32 (a, b) = (a >> 8) ^ table [(a & 0×ff) • b], The table is precomputed by the original definition of crc32: table [i] = crc32 (i, 0). To encrypt a plaintext stream, first loop the key bytes through the encryption algorithm to update the keys. Ignore the ciphertext output in this step. Then encrypt the plaintext, one byte at a time. Twelve random bytes are prepended to the plaintext. Decryption is similar to encryption, except that Ci is used in the second step of the algorithm instead of Pi. PKZIP encryption is not secure one. An attack requires 40 to 200 bytes of known plaintext and has a time complexity of about 227 . Dr RSG 25-12-2023 44
  • 45. University questions – Module -5 March -2022 Write an explanatory note on Linear Feedback Shift Register -10 Explain the following with necessary diagrams: (i)Generalized Geffe Generator (ii)Threshold Generator (iii)Alternating stop and go generator -10 Explain Additive generator. Also explain fish and pike additive generator -10 With a neat diagram, explain the concept of Gifford - 6 Write a short note on A5 - 4 Dr RSG 25-12-2023 45
  • 46. August 2022 Explain LFSR and how the shift register sequences are used in cryptography -10 Write note on: Design and analysis of stream cipher – 10 Write short notes on: (i)Geffe Generator - 6 (ii)A5 to encrypt GSM - 6 (iii)NANOTEQ and RAMBUTAN – 8 January-2023 Explain the linear congruential generators. – 5 With a neat figure, explain the generalized Geffe generator – 7 Dr RSG 25-12-2023 46
  • 47. With neat figures explain: (i)Beth-piper stop and go generator (ii) Alternating stop and go generator – 8 With neat figure, explain bilateral stop and go generator – 8 Explain Gifford algorithm with relevant diagram – 6 Explain Fish and Pike algorithms with relevant equations – 6 Dr RSG 25-12-2023 47