A Method for Generating Full Cycles by a Composition of NLFSRs

Presentation Transcript


  1. A Method for Generating Full Cycles by a Composition of NLFSRs Elena Dubrova Royal Institute of Technology – KTH Stockholm, Sweden

  2. Outline • Problem addressed • Motivation • Contribution of the paper • Construction method • Conclusion and future work

  3. Problem addressed • How to efficiently generate n-variate mappings of type {0,1}^n → {0,1}^n whose state transition graph consists of a single cycle of the maximum possible length 2^n? [Figure: the n-bit state (x1, x2, …, xn) is mapped to (f1(x1,…,xn), f2(x1,…,xn), …, fn(x1,…,xn)); a 2-bit example with all four states 00, 01, 10, 11 on one cycle]

  4. Motivation • Single-cycle mappings are frequently used primitives in cryptography • For stream ciphers, the single-cycle property is important because then the sequence of generated states cannot be trapped in a short cycle, whatever the initial state

  5. Implementation by FSRs • Feedback shift registers can be used to efficiently implement n-variate mappings {0,1}^n → {0,1}^n of the type (x1, x2, …, xn) ↦ (x2, x3, …, xn, f(x1, x2, …, xn)): the register shifts by one position and the vacated cell is filled with the feedback bit f(x1, x2, …, xn)

  6. Feedback Shift Registers • Linear Feedback Shift Register (LFSR): n binary storage elements and a linear feedback function; it has a cycle of length 2^n − 1 (through all non-zero states) iff its characteristic polynomial is primitive • Non-Linear Feedback Shift Register (NLFSR): the same structure with a non-linear feedback function [Figure: a 5-stage LFSR and a 5-stage NLFSR, stages numbered 5 4 3 2 1]

  7. NLFSRs • An NLFSR is invertible iff its feedback function is of the type f(x1, x2, …, xn) = x1 ⊕ g(x2, x3, …, xn) ("⊕" is addition mod 2) • Conditions for single-cycle NLFSRs are not known • There are 2^(2^(n−1) − n) single-cycle n-bit NLFSRs • Existing algorithms for constructing single-cycle NLFSRs are applicable to n < 32 • References: Fredricksen, H. (1982) "A Survey of Full-Length Nonlinear Shift Register Cycle Algorithms", SIAM Review, 24(2), 195–221; Dubrova, E. (2012) "List of Maximum-Period NLFSRs", Cryptology ePrint Archive, 2012/166

  8. Combining smaller NLFSRs • If we place in parallel k NLFSRs whose largest cycles have lengths L1, L2, …, Lk, we get a mapping whose largest cycle has length LCM(L1, L2, …, Lk) • Example: n1 = 3, L1 = 7; n2 = 4, L2 = 15; n3 = 5, L3 = 31: LCM(7, 15, 31) = 7 × 15 × 31 = 3255 < 2^(3+4+5) = 4096, so the composition is not single-cycle [Figure: NLFSR1, NLFSR2, …, NLFSRk with feedback functions f1, f2, …, fk in parallel; n1 + n2 + … + nk state bits]

  9. Contribution of the paper • A method for generating single-cycle mappings of type {0,1}^(n×k) → {0,1}^(n×k) using k NLFSRs of equal size n [Figure: NLFSR1, NLFSR2, …, NLFSRk in parallel, each feedback function f1, f2, …, fk combined by ⊕ with the output of an extra logic block; n × k state bits]

  10. Construction method • We used NLFSRs with two types of cycles: a cycle of length 2^n − 1 containing all non-zero states, and a cycle of length 1 containing the 0 state • If we place k such NLFSRs in parallel, we get a mapping with the following cycle structure: Σ_{i=0}^{k−1} 2^{ni} cycles of length 2^n − 1, and one cycle of length 1 (the 0 state); the count follows because all 2^{nk} − 1 non-zero joint states lie on cycles of length 2^n − 1, and (2^{nk} − 1)/(2^n − 1) = Σ_{i=0}^{k−1} 2^{ni} • We will join these cycles into one by applying cycle-joining transformations

  11. Cycle-joining transformations • In an NLFSR, any state has two possible successors and two possible predecessors: the successor is (x2, …, xn, f), so the two candidate successors differ only in the newly shifted-in bit, and the two candidate predecessors differ only in the bit x1 shifted out [Figure: states A and B share the (n−1)-bit part S and differ only in the output bit; their successors A+ and B+ are S0 and S1, differing only in the input bit] • If A and B are contained in different cycles, by exchanging their successors we can join the two cycles into one

  12. Joining cycles by exchanging successors [Figure: two cycles, one through A → A+ and one through B → B+, merged into one cycle by redirecting A → B+ and B → A+]

  13. Splitting a cycle • If A and B are contained in the same cycle, by exchanging their successors we split the cycle into two [Figure: one cycle through A → A+ … B → B+ becomes two cycles after redirecting A → B+ and B → A+]

  14. Our case • In our case (k NLFSRs in parallel), any state has 2^k possible successors and 2^k possible predecessors • We apply cycle-joining to states of the type A = (S1 c1, S2 c2, …, Sk ck) and B = (S1 c'1, S2 c'2, …, Sk c'k), where c' is the Boolean complement of c, i.e. B differs from A in exactly one bit of every component register • If A and B are in different cycles, by exchanging their successors we join the two cycles into one

  15. How to exchange successors • Successors can be exchanged by adding to the feedback function of every NLFSR the minterms corresponding to the states A and B • For example, 1010 corresponds to the minterm x4 x3' x2 x1' (bits written as x4 x3 x2 x1, x' denoting the complement of x) • If the feedback function f evaluates to 0 for the assignment 1010, then the function f ⊕ x4 x3' x2 x1' evaluates to 1 for 1010 and agrees with f on every other assignment • The challenge is to join an exponential number of cycles using additional logic of linear size
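The cycle-structure claims of slides 8 and 10 and the successor-exchange transformation of slides 11 to 15 can be checked on a toy instance. The following Python is an added example, not code from the paper or its author: it models registers in the slides' convention (x1, …, xn) → (x2, …, xn, f(x1, …, xn)), uses as component register a 3-bit LFSR with feedback f = x1 ⊕ x2 (characteristic polynomial x^3 + x + 1, an assumption made here), verifies the Σ 2^{ni} cycle count for k = 2 copies, and joins the 0 state with a conjugate state both by editing the transition table directly and by adding minterms to the feedback function. It does not reproduce the paper's choice of minimal states or the O(nk^2) joining logic of slides 16 to 18.

```python
"""Cycle structure of feedback shift registers and cycle joining by successor exchange.

Added example (not code from the paper).  States are tuples (x1, ..., xn) and one
clock maps (x1, ..., xn) -> (x2, ..., xn, f(x1, ..., xn)), as on slide 5.  The
component register lfsr3 (x^3 + x + 1, f = x1 XOR x2) is an assumption made here.
"""
from itertools import product
from typing import Callable, Dict, List, Tuple

State = Tuple[int, ...]
Feedback = Callable[[State], int]


def fsr_step(state: State, f: Feedback) -> State:
    """One clock of an n-bit feedback shift register."""
    return state[1:] + (f(state),)


def transition_map(n: int, f: Feedback) -> Dict[State, State]:
    """The mapping {0,1}^n -> {0,1}^n realised by the register, as a lookup table."""
    return {s: fsr_step(s, f) for s in product((0, 1), repeat=n)}


def is_permutation(step: Dict[State, State]) -> bool:
    """Invertible iff every state has exactly one predecessor (slide 7)."""
    return len(set(step.values())) == len(step)


def cycle_lengths(step: Dict[State, State]) -> List[int]:
    """Cycle lengths of an invertible mapping, largest first."""
    assert is_permutation(step), "cycle structure is only defined for a permutation"
    seen: set = set()
    lengths: List[int] = []
    for start in step:
        if start in seen:
            continue
        s, length = start, 0
        while s not in seen:
            seen.add(s)
            s, length = step[s], length + 1
        lengths.append(length)
    return sorted(lengths, reverse=True)


def parallel(parts: List[Dict[State, State]]) -> Dict[State, State]:
    """k registers clocked side by side; the joint state is the concatenation (slide 8)."""
    joint: Dict[State, State] = {}
    for states in product(*[m.keys() for m in parts]):
        joint[sum(states, ())] = sum((m[s] for m, s in zip(parts, states)), ())
    return joint


def swap_successors(step: Dict[State, State], a: State, b: State) -> Dict[State, State]:
    """Cycle-joining transformation (slides 11-13): exchanging the successors of a and b
    joins two cycles if a and b lie on different cycles and splits one cycle otherwise."""
    new = dict(step)
    new[a], new[b] = step[b], step[a]
    return new


def add_minterms(f: Feedback, a: State, b: State) -> Feedback:
    """Realise the exchange inside the feedback logic (slide 15): f' = f XOR m_a XOR m_b
    flips the feedback bit exactly on a and on b.  For conjugate states (equal except in
    x1, so their old successors differ only in the feedback bit) this is swap_successors."""
    return lambda s: f(s) ^ int(s == a) ^ int(s == b)


def lfsr3(s: State) -> int:
    """Assumed component register: x^3 + x + 1 is primitive, so the seven non-zero
    states form one cycle of length 2^3 - 1 and the 0 state is a fixed point."""
    return s[0] ^ s[1]


def demo_single_register() -> Tuple[List[int], List[int], List[int]]:
    """Cycle lengths before joining, after joining 0 with its conjugate 100 via minterms
    (m_000 XOR m_100 = x2' x3'), and after swapping two states of the same 7-cycle."""
    base = transition_map(3, lfsr3)
    before = cycle_lengths(base)
    joined = cycle_lengths(transition_map(3, add_minterms(lfsr3, (0, 0, 0), (1, 0, 0))))
    split = cycle_lengths(swap_successors(base, (0, 0, 1), (1, 0, 0)))
    return before, joined, split


def demo_parallel(k: int = 2) -> Tuple[int, int, int]:
    """k copies of lfsr3 in parallel: number of cycles of length 2^3 - 1 against the
    slide-10 formula sum_{i=0}^{k-1} 2^{3i}, then join the 0 state with the state whose
    x1 bit is complemented in every component (the slide-14 pattern) into a 2^3-cycle."""
    n = 3
    joint = parallel([transition_map(n, lfsr3)] * k)
    observed = cycle_lengths(joint).count(2 ** n - 1)
    predicted = sum(2 ** (n * i) for i in range(k))
    zero = (0,) * (n * k)
    conjugate = tuple(int(j % n == 0) for j in range(n * k))
    longest = max(cycle_lengths(swap_successors(joint, zero, conjugate)))
    return observed, predicted, longest


if __name__ == "__main__":
    print("single register (before, joined, split):", demo_single_register())
    print("two registers (#7-cycles, formula, longest after join):", demo_parallel())
    print("f = x2 XOR x3 (no x1 term) is invertible:",
          is_permutation(transition_map(3, lambda s: s[1] ^ s[2])))
```

The same transposition that merges two cycles splits one when both states already lie on it, so the order of joins and the proof on slide 16 that a minimal state's conjugate always lies on another cycle are what make the construction safe; the toy run only shows the mechanism on one join.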

  16. Choosing dedicated states • We chose as dedicated states the states with the minimal decimal representation within their cycle • We proved that: if A is the minimal state of a cycle, then the corresponding B (A with c1, …, ck complemented, as on slide 14) is contained in another cycle; and the set of minterms corresponding to the minimal states A of all cycles and to the corresponding states B can be described by an expression of size O(nk)

  17. First joining step • By exchanging the successors of the minimal states of all cycles, we get one cycle of length 2^n and other cycles of length 2^n(2^n − 1) • #Gates to add: O(nk): k(n+4) − n − 8 ANDs, 2k + 1 ORs, k XORs • Example: n = 32, k = 4: 104 ANDs + 9 ORs + 4 XORs = 117 gates in total

  18. Joining the resulting cycles into one • Before computing the next state, the minimal state of each "flower" is transformed into the minimal state of the next "flower", etc., and finally the cycle of length 2^n is appended • #Gates to add: O(nk^2) plus one extra time step: < 2nk ANDs, < nk^2 ORs, < 2nk XORs

  19. Conclusion • We presented a method for generating single-cycle mappings of type {0,1}^(n×k) → {0,1}^(n×k) using k NLFSRs of equal size n • A logic block of size O(nk^2) and one extra time step are required • Future work involves security analysis of the presented method: the full-period guarantee bounds the state cycle but does not by itself establish the unpredictability of the generated sequence
