1995
DOI: 10.1007/3-540-60693-9_10
|View full text |Cite
|
Sign up to set email alerts
|

Computation of low-weight parity checks for correlation attacks on stream ciphers

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
8
0

Year Published

2000
2000
2007
2007

Publication Types

Select...
6
2

Relationship

0
8

Authors

Journals

citations
Cited by 19 publications
(8 citation statements)
references
References 12 publications
0
8
0
Order By: Relevance
“…It follows that the received sequence (s n ) n<N can be decoded with Gallager algorithm when the feedback polynomial P has a low weight and when the error probability p is not too high. Several minor improvements of this original attack were proposed in [21,12,1,13,15] but these papers did not introduce any important modification of the basic underlying concepts. Johansson and Jönsson recently proposed two new techniques for fast correlation attacks: the main idea is to derive from (s n ) n<N a sequence which can be seen as a corrupted version of a word of a convolutional code [6] or of a turbo code [7].…”
Section: Fig 2 Correlation Attack Involving K Constituent Lfsrsmentioning
confidence: 99%
“…It follows that the received sequence (s n ) n<N can be decoded with Gallager algorithm when the feedback polynomial P has a low weight and when the error probability p is not too high. Several minor improvements of this original attack were proposed in [21,12,1,13,15] but these papers did not introduce any important modification of the basic underlying concepts. Johansson and Jönsson recently proposed two new techniques for fast correlation attacks: the main idea is to derive from (s n ) n<N a sequence which can be seen as a corrupted version of a word of a convolutional code [6] or of a turbo code [7].…”
Section: Fig 2 Correlation Attack Involving K Constituent Lfsrsmentioning
confidence: 99%
“…Interestingly, Penzhorn and Kühn also gave a totally different cubic-time algorithm [26], using discrete logarithms in GF (2 n ). Their method finds a parity check with weight 4 and degree 2 n/3 in O((1 + α) · 2 n/3 ) time, where α represents the time to compute a discrete log in GF (2 n ).…”
mentioning
confidence: 98%
“…Let us now study the generating function for the LFSR f (·) closer. From [24] a ω-weight multiple will have the degree roughly…”
Section: Distinguishing Attack On Grainmentioning
confidence: 99%