
Analysis of nonlinear sequences and streamciphers


Abstract

Stream ciphers are common cryptographic algorithms used to protect the confidentiality of frame-based communications like mobile phone conversations and Internet traffic. Stream ciphers are ideal cryptographic algorithms to encrypt these types of traffic as they have the potential to encrypt them quickly and securely, and have low error propagation.

The main objective of this thesis is to determine whether structural features of keystream generators affect the security provided by stream ciphers. These structural features pertain to the state-update and output functions used in keystream generators. Using linear sequences as keystream to encrypt messages is known to be insecure. Modern keystream generators use nonlinear sequences as keystream. The nonlinearity can be introduced through a keystream generator's state-update function, output function, or both.

The first contribution of this thesis relates to nonlinear sequences produced by the well-known Trivium stream cipher. Trivium is one of the stream ciphers selected in a final portfolio resulting from a multi-year project in Europe called the ecrypt project. Trivium's structural simplicity makes it a popular cipher to cryptanalyse, but to date, there are no attacks in the public literature which are faster than exhaustive keysearch. Algebraic analyses are performed on the Trivium stream cipher, which uses a nonlinear state-update and linear output function to produce keystream. Two algebraic investigations are performed: an examination of the sliding property in the initialisation process and algebraic analyses of Trivium-like stream ciphers using a combination of the algebraic techniques previously applied separately by Berbain et al. and Raddum. For certain iterations of Trivium's state-update function, we examine the sets of slid pairs, looking particularly to form chains of slid pairs. No chains exist for a small number of iterations. This has implications for the period of keystreams produced by Trivium.

Secondly, using our combination of the methods of Berbain et al. and Raddum, we analysed Trivium-like ciphers and improved on previous analysis with regard to forming systems of equations on these ciphers. Using these new systems of equations, we were able to successfully recover the initial state of Bivium-A. The attack complexity for Bivium-B and Trivium was, however, worse than exhaustive keysearch. We also show that the selection of stages which are used as input to the output function and the size of registers which are used in the construction of the system of equations affect the success of the attack.

The second contribution of this thesis is the examination of state convergence. State convergence is an undesirable characteristic in keystream generators for stream ciphers, as it implies that the effective session key size of the stream cipher is smaller than the designers intended. We identify methods which can be used to detect state convergence. As a case study, the Mixer stream cipher, which uses nonlinear state-update and output functions to produce keystream, is analysed. Mixer is found to suffer from state convergence as the state-update function used in its initialisation process is not one-to-one. A discussion of several other stream ciphers which are known to suffer from state convergence is given. From our analysis of these stream ciphers, three mechanisms which can cause state convergence are identified. The effect state convergence can have on stream cipher cryptanalysis is examined. We show that state convergence can have a positive effect if the goal of the attacker is to recover the initial state of the keystream generator.

The third contribution of this thesis is the examination of the distributions of bit patterns in the sequences produced by nonlinear filter generators (NLFGs) and linearly filtered nonlinear feedback shift registers. We show that the selection of stages used as input to a keystream generator's output function can affect the distribution of bit patterns in sequences produced by these keystream generators, and that the effect differs for nonlinear filter generators and linearly filtered nonlinear feedback shift registers. In the case of NLFGs, the keystream sequences produced when the output functions take inputs from consecutive register stages are less uniform than sequences produced by NLFGs whose output functions take inputs from unevenly spaced register stages. The opposite is true for keystream sequences produced by linearly filtered nonlinear feedback shift registers.
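The state-convergence point in the abstract can be checked exhaustively on a small register. The following is an added example, not code from the thesis: the 10-bit register and both update functions are constructed for illustration (they are not Mixer's), and it shows a one-to-one update keeping all states while a non-invertible update shrinks the reachable state set and hence the effective key size.

```python
import math

N = 10  # toy state width in bits (constructed; real generators are far larger)

def bit(s, i):
    return (s >> i) & 1

def update_one_to_one(s):
    # The outgoing stage s[0] enters the feedback linearly, so it can be
    # recovered from the new state and the update is invertible.
    fb = bit(s, 0) ^ (bit(s, 3) & bit(s, 7)) ^ bit(s, 5)
    return (s >> 1) | (fb << (N - 1))

def update_convergent(s):
    # s[0] only enters the feedback multiplied by s[4]; whenever s[4] = 0
    # the value of s[0] is discarded and two states merge into one.
    fb = (bit(s, 0) & bit(s, 4)) ^ bit(s, 7) ^ bit(s, 2)
    return (s >> 1) | (fb << (N - 1))

def find_collision(update):
    """Return two distinct states with the same successor, or None."""
    seen = {}
    for s in range(1 << N):
        nxt = update(s)
        if nxt in seen:
            return seen[nxt], s
        seen[nxt] = s
    return None

def reachable_counts(update, iterations):
    """Number of distinct states left after 0..iterations updates."""
    states = set(range(1 << N))
    counts = [len(states)]
    for _ in range(iterations):
        states = {update(s) for s in states}
        counts.append(len(states))
    return counts

def effective_bits(count):
    return math.log2(count)

if __name__ == "__main__":
    for name, f in (("one-to-one", update_one_to_one),
                    ("convergent", update_convergent)):
        counts = reachable_counts(f, 16)
        print(name, "collision:", find_collision(f))
        print("  states after 16 updates:", counts[-1],
              "effective bits: %.2f" % effective_bits(counts[-1]))
```

Exhaustive enumeration only works at toy sizes; for a full-size state the same check is done on the update equations, by asking whether the discarded stage can be solved for from the new state.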

Bibliographic record

  • Author

    Teo Sui-Guan;

  • Author affiliation
  • Year 2013
  • Total pages
  • Original format PDF
  • Text language
  • Chinese Library Classification
