Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Method for Generating Full Cycles by a Composition of NLFSRs Elena Dubrova Royal Institute of Technology – KTH Stockholm, Sweden.

Published byLizbeth Lawson Modified over 8 years ago

Similar presentations

Presentation on theme: "A Method for Generating Full Cycles by a Composition of NLFSRs Elena Dubrova Royal Institute of Technology – KTH Stockholm, Sweden."— Presentation transcript:

1 A Method for Generating Full Cycles by a Composition of NLFSRs Elena Dubrova Royal Institute of Technology – KTH Stockholm, Sweden

2 p. 2 - WCC’2013 - April 15, 2013 Problem addressed Motivation Contribution of the paper Construction method Conclusion and future work Outline

3 p. 3 - WCC’2013 - April 15, 2013 How to efficiently generate n-variate mappings of type {0,1} n  {0,1} n whose state transition graphs have single cycles of the maximum possible length 2 n ? Problem addressed 00 01 10 11 x1x2…xnx1x2…xn f 1 (x 1,x 2,…,x n ) f 2 (x 1,x 2,…,x n ) … f n (x 1,x 2,…,x n ) 

4 p. 4 - WCC’2013 - April 15, 2013 Single-cycle mappings are frequently used primitives in cryptography For stream ciphers, single-cycle property is important because then the sequence of generated states cannot be trapped in a short cycle Motivation

5 p. 5 - WCC’2013 - April 15, 2013 Feedback shift registers can be used to efficiently implement n-variate mappings {0,1} n  {0,1} n of type: Implementation by FSRs x1x2…xnx1x2…xn x 2 x 3 … f(x 1,x 2,…,x n ) 

6 p. 6 - WCC’2013 - April 15, 2013 Linear Feedback Shift Register (LFSR) Feedback Shift Registers 5 4 3 2 1 n binary storage elements linear feedback function has cycle of length 2 n -1 iff its characteristic polynomial is primitive 5 4 3 2 1 Non-Linear Feedback Shift Register (NLFSR)

7 p. 7 - WCC’2013 - April 15, 2013 An NLFSR is invertible iff its feedback function is of type (“  ” is addition mod 2) f(x 1,x 2,…,x n ) = x 1  g(x 2,x 3,…,x n ) Conditions for single-cycle NLFSRs are not known There are 2 2 n-1 -n single-cycle n-bit NLFSRs Existing algorithms for constructing single-cycle NLFSRs are applicable to n < 32 Fredricksen, H. (1982) “A Survey of Full-Length Nonlinear Shift Register Cycle Algorithms”, SIAM Review, 24(2), 195-221 Dubrova, E. (2012) “List of Maximum-Period NLFSRs”, Cryptology ePrint Archive, 2012/166 NLFSRs

8 p. 8 - WCC’2013 - April 15, 2013 If we place in parallel k NLFSRs with largest cycles of length L 1, L 2,…, L k, we get a mapping with the largest cycle of length LCM(L 1, L 2,…, L k ) Combining smaller NLFRs NLFSR 2 f2f2 … NLFSR k fkfk n 1 + n 2 +…+ n k state NLFSR 1 f1f1 Example: n 1 = 3, L 1 = 7 n 2 = 4, L 2 = 15 n 3 = 5, L 2 = 31 7×15×31 = 3255 2 3+4+5 = 4096

9 p. 9 - WCC’2013 - April 15, 2013 A method for generating single-cycle mappings of type {0,1} n×k  {0,1} n×k using k NLFSRs of equal size n Contribution of the paper NLFSR 2 + f2f2 NLFSR 1 + f1f1 … NLFSR k + fkfk Extra logic n × k state

10 p. 10 - WCC’2013 - April 15, 2013 We used NLFSRs with two types of cycles –a cycle of length 2 n -1 containing all non-0 states –a cycle of length 1 containing 0 state Construction method If we place k such NLFSRs in parallel, we get a mapping with the following cycle structure: cycles of length 2 n -1 one cycle of length 1 (0 state)  i=0 k-1 2 ni We will join these cycles into one by applying cycle- joining transformations

11 p. 11 - WCC’2013 - April 15, 2013 In an NLFSR, any state has two possible successors and two possible predecessors Cycle-joining transformations inputoutput S 0 S 1 S 0 S 1 A B If A and B are contained in different cycles, by exchanging their successors we can join two cycles into one A+A+ B+B+

12 p. 12 - WCC’2013 - April 15, 2013 Joining cycles by exchanging successors A B A+A+ B+B+

13 p. 13 - WCC’2013 - April 15, 2013 If A and B are contained in the same cycle, by exchanging their successors, we split the cycles into two Splitting a cycle A B A+A+ B+B+

14 p. 14 - WCC’2013 - April 15, 2013 In our case, any state can have 2 k possible successors and 2 k possible predecessors We apply cycle-joining to the states of type: If A and B are in different cycles, by exchanging their successors we join two cycles into one Our case A B S1S1 c1c1 S2S2 c2c2 SkSk ckck … S1S1 c’ 1 S2S2 c’ 2 SkSk c’ k … c is the Boolean complement of c

15 p. 15 - WCC’2013 - April 15, 2013 Successors can be exchanged by adding to the feedback function of every NLFSR minterms corresponding to the states A and B –For example, 1010 corresponds to minterm x 4 x 3 x 2 x 1 –If feedback function f evaluates to 0 for the assignment 1010, then function f  x 4 x 3 x 2 x 1 evaluates to 1 for 1010 The challenge is to join an exponential number of cycles using additional logic of linear size How to exchange successors

16 p. 16 - WCC’2013 - April 15, 2013 We chose as dedicated the states with the minimal decimal representation We proved that –If A is a minimal state of a cycle, then B is contained in another cycle –The set minterms corresponding to minimal states A of all cycles and the corresponding states B can be described by an expression of size O(nk) Choosing dedicated states A B S1S1 c1c1 S2S2 c2c2 SkSk ckck … S1S1 c’ 1 S2S2 c’ 2 SkSk c’ k …

17 p. 17 - WCC’2013 - April 15, 2013 By exchanging successors of the minimal states of all cycles, we get one cycle of length 2 n and other cycles of length 2 n (2 n -1) First joining step … #Gates to add: O(nk) k(n+4)-n-8 ANDs 2k+1 ORs k XORs Example: n=32, k=4 Total #gates = 117

18 p. 18 - WCC’2013 - April 15, 2013 Before computing the next state, the minimal state of each “flower” is transformed to the minimal state of next “flower”,etc, and finally the cycle of length 2 n is appended Joining the resulting cycles in one … … … … #Gates to add: O(nk 2 ) + one time step < 2nk ANDs, < nk 2 ORs, < 2nk XORs

19 p. 19 - WCC’2013 - April 15, 2013 We presented a method for generating single- cycle mappings of type {0,1} n×k  {0,1} n×k using k NLFSRs of equal size n An logic block of size O(nk 2 ) and an extra time step are required Future work involves security analysis of the presented method Conclusion

Download ppt "A Method for Generating Full Cycles by a Composition of NLFSRs Elena Dubrova Royal Institute of Technology – KTH Stockholm, Sweden."

Similar presentations

Switching circuits Composed of switching elements called “gates” that implement logical blocks or switching expressions Positive logic convention (active.

Switching circuits Composed of switching elements called “gates” that implement logical blocks or switching expressions Positive logic convention (active.
CSCI 115 Chapter 6 Order Relations and Structures.

CSCI 115 Chapter 6 Order Relations and Structures.
Lecture 24 MAS 714 Hartmut Klauck

Lecture 24 MAS 714 Hartmut Klauck
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.

Digital Kommunikationselektroink TNE027 Lecture 6 (Cryptography) 1 Cryptography Algorithms Symmetric and Asymmetric Cryptography Algorithms Data Stream.
Session 2: Secret key cryptography – stream ciphers – part 2.

Session 2: Secret key cryptography – stream ciphers – part 2.
Data Encryption Standard (DES)

Data Encryption Standard (DES)
Block ciphers 1 Session 3. Contents Design of block ciphers Non-linear transformations 2/25.

Block ciphers 1 Session 3. Contents Design of block ciphers Non-linear transformations 2/25.
Linearization of Stream Ciphers in Terms of Cellular Automata Amparo Fúster-Sabater Institute of Applied Physics (CSIC) Madrid (Spain)

Linearization of Stream Ciphers in Terms of Cellular Automata Amparo Fúster-Sabater Institute of Applied Physics (CSIC) Madrid (Spain)
EECS 150 - Components and Design Techniques for Digital Systems Lec 18 – Arithmetic II (Multiplication) David Culler Electrical Engineering and Computer.

EECS Components and Design Techniques for Digital Systems Lec 18 – Arithmetic II (Multiplication) David Culler Electrical Engineering and Computer.
CHAPTER 3 Digital Logic Structures

CHAPTER 3 Digital Logic Structures
A New Approach to Structural Analysis and Transformation of Networks Alan Mishchenko November 29, 1999.

A New Approach to Structural Analysis and Transformation of Networks Alan Mishchenko November 29, 1999.
Design of Arithmetic Circuits – Adders, Subtractors, BCD adders

Design of Arithmetic Circuits – Adders, Subtractors, BCD adders
Introduction to Modern Cryptography Lecture 3 (1) Finite Groups, Rings and Fields (2) AES - Advanced Encryption Standard.

Introduction to Modern Cryptography Lecture 3 (1) Finite Groups, Rings and Fields (2) AES - Advanced Encryption Standard.
Session 2: Secret key cryptography – stream ciphers – part 1.

Session 2: Secret key cryptography – stream ciphers – part 1.
Chapter 5 Arithmetic Logic Functions. Page 2 This Chapter..  We will be looking at multi-valued arithmetic and logic functions  Bitwise AND, OR, EXOR,

Chapter 5 Arithmetic Logic Functions. Page 2 This Chapter..  We will be looking at multi-valued arithmetic and logic functions  Bitwise AND, OR, EXOR,
CS 105 Digital Logic Design

CS 105 Digital Logic Design
Andreas Steffen, 17.10.2011, 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

Andreas Steffen, , 4-PublicKey.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.
Generating Random Numbers in Hardware. Two types of random numbers used in computing: --”true” random numbers: ++generated from a physical source (e.g.,

Generating Random Numbers in Hardware. Two types of random numbers used in computing: --”true” random numbers: ++generated from a physical source (e.g.,
Introduction to Digital Logic Design Appendix A of CO&A Dr. Farag

Introduction to Digital Logic Design Appendix A of CO&A Dr. Farag

Similar presentations

Ads by Google