# LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012.

## Presentation on theme: "LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012."— Presentation transcript:

LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012

Outline Linear Feedback Shift Registers (LFSR) Interesting properties of LFSR Stream ciphers with LFSR – correlation attacks A5/1 and it’s weaknesses Looking forward

Linear Feedback Shift Registers (LFSR) Very basic example, 3 bit register XOR 123 Output Bit 101101 110110

Linear Feedback Shift Registers (LFSR)

Properties of LFSR Maximal vs. non-maximal length Cyclic Non-maximal governed by front two bits. 101101 110110 011011 101101 110110 111111 011011 001001 100100 010010

Properties of LFSR Columns are exact rotations of each other. If we look at it as a matrix, different “initializations” or start states yield a rotation of the entire matrix. 101101 110110 111111 011011 001001 100100 010010 001001 100100 010010 101101 110110 111111 011011

Properties of LFSR Columns are exact rotations of each other. If we look at it as a matrix, different “initializations” or start states yield a rotation of the entire matrix. 101101 110110 111111 011011 001001 100100 010010 001001 100100 010010 101101 110110 111111 011011

LFSR and Galois Fields

101101 110110 111111 011011 001001 100100 010010 101101 010010 001001 100100 110110 111111 011011

Can reverse the tap positions to get another, identical set of LFSR states. If the original feedback set is [m, A, B, C], the reversed feedback set is described by [m, m-C, m-B, m-A]. Easy to find another irreducible polynomial.

LFSR and Galois Fields

LFSR and Stream Ciphers LFSR can be used as a stream cipher. Remember that stream ciphers are similar to PRNG in that they output a single bit at a time, and data is encrypted bit by bit until the whole plaintext has been encrypted. A single LFSR as a cipher is vulnerable to due it’s cyclic nature, so we combine multiple LFSR to achieve this.

LFSR and Stream Ciphers First, we define a boolean function. For example, consider the following diagram.

LFSR and Stream Ciphers

LFSR and Stream Ciphers – Correlation Attacks Since registers are private, they are not independent beings to an attacker, so the whole system must be broken. Idea: Try to correlate one register to the boolean function, improving a brute force attack. If it is correlated, it can be broken separately (independent of the system), vastly improving complexity. More likely than it seems, with enough registers, due to the linear nature of LFSR, some patterns and correlations will appear – linear recursive equations.

LFSR and Stream Ciphers – Correlation Attacks

LFSR and Stream Ciphers – A5/1

Use the following LFSR’s of length 19, 21, and 22. R1 has taps 13,16,17,18 R2 has taps 20, 21 R3 has taps 7, 20, 21, 22

LFSR and Stream Ciphers – A5/1

Attacks on A5/1 – Known Plaintext

Attacks on A5/1 – Active Attacks Barkhan, Biham, and Keller developed the most serious weakness – an active attack with A5/2 – if the phone supports it. They also published another paper in 2006, furthering their attacks and fully breaking A5/1. A5/3 or KASUMI

Future Algorithms like RC4/5/6 have been developed and avoid the use of LFSR – have their own set of problems. LFSR are interesting and are good for ‘random’ hardware testing, and if constructed correctly, can be useful in some cryptographic applications. Note that A5/1’s weaknesses are less about the structure of LFSR and more about the structure of GSM.

References Elad Barkan, Eli Biham, Nathan Keller, Instant Ciphertext- Only Cryptanalysis of GSM Encrypted Communication, 2003/2006 Patrik Edhal, On LFSR-based Stream Ciphers (PhD), 2003 Alex Biryukov, Adi Shamir, David Wagner, Real Time Cryptanalysis of A5/1 on a PC, 2000 http://www.newwaveinstruments.com/resources/articles/m _sequence_linear_feedback_shift_register_lfsr.htm http://www.newwaveinstruments.com/resources/articles/m _sequence_linear_feedback_shift_register_lfsr.htm Thomas Johansson, Fredrik Jonsson, Improved Fast Correlation Attacks on Stream Ciphers via Convolutional Codes, 1999

Download ppt "LINEAR FEEDBACK SHIFT REGISTERS, GALOIS FIELDS, AND STREAM CIPHERS Mike Thomsen Cryptography II May 14 th, 2012."

Similar presentations