伪随机序列的设计与分析研究
|
摘要
本文首先应用错误攻击对两种流密码体制:广义自缩生成器和均衡互缩生成器的安全性进行了分析,为抵抗这种攻击,我们对广义自缩生成器进行了改进,给出了一种新型的广义自缩生成器,并对该生成器的各种伪随机性进行了分析,最后讨论了自相关函数和线性复杂度之间的一个关系,得到如下主要结果:
● 利用错误攻击对广义自缩生成器和均衡互缩生成器这两种流密码体制进行了密码分析,结果表明:对于由60级的线性反馈移位寄存器构成的广义自缩生成器,在反馈多项式已知的条件下,攻击者仅需要4个错误密钥流,结合平均约2~8个密钥流比特就可以获得生成器的密钥种子;对于均衡互缩生成器,攻击者可以通过改变LFSR若干个时钟来得到错误的输出流,并利用这些输出流得到生成器的密钥种子。
● 为抵抗错误攻击,设计了一类新型的广义自缩生成器。讨论了该新型序列的各种伪随机性质,包括最小周期,游程长度和序列族的性质,给出了使最小周期达到最大的方法。由我们的方法可以找到2~(n-3)个周期达到2~(n-1)的序列。同时证明序列的最大游程长度不超过n~2-2.5n+3。
● 讨论了新型广义自缩生成器的安全性,主要讨论了新型生成器抵抗猜测攻击和相关攻击的能力。关于安全性得到如下结论:当攻击者已知生成器的一个密钥向量G时,攻击的复杂度为O(12n~4 2~(0.694n));当攻击者不知道密钥向量G但已知集合C_1={01,10}时,攻击者可以得到序列的一个相关弱点,利用该弱点可以攻击新型广义自缩序列,但当集合C_1发生变化时,该弱点不存在。
● 研究了新型广义自缩序列线性复杂度的稳定性:当改变序列的奇数个比特时,序列的线性复杂度会增加到最大,即等于序列的最小周期2~(n-1);在改变序列偶数个比特且满足一定条件时,序列的线性复杂度会下降,其余情况下,序列的线性复杂度不会下降。
● 首次指出周期为2~n的伪随机序列的自相关函数和线性复杂度之间存在的一个关系,并讨论了该关系在以下三个方面的应用:1)由序列的线性复杂度来估计/确定序列的自相关函数值;2)通过序列的自相关函数来证明Games-Chan算法;3)由序列的线性复杂度来检验一个序列族的互相关函数值。
● 针对一类周期为2~n的伪随机序列,指出这类序列的自相关函数值和线性复杂度以及k错线性复杂度存在着关系,即该类序列的自相关函数可以同国线性复杂度和k-错线性复杂度来衡量。
This dissertation firstly discusses the ability of the generalized self-shrinking generator and balanced shrinking generator to resist the fault attack. Secondly, a new type of generalized self-shrinking generator is presented to resist the fault attack, and pseudorandomness and security of new sequences are investigated. Finally, the relationship between autocorrelation and linear complexity is discussed. The main results are as follows:
The author gives a cryptanalysis of the generalized self-shrinking generator and balanced shrinking generator by using the fault attack technique. The results show that, for the generalized self-shrinking generator given the feedback polynomial, the attacker can obtain the secret keys by 4 faulty keystreams with 60 stages LFSR, where the length of the keystream required is about 2~8 bits.For the balanced shrinking generator, the attacker can obtain the secret keys by analyzing faulty output sequences which is produced by changing control clock of one of LFSRs.
A new type of generalized self-shrinking generator is presented and the least period, run length and the pseudorandom property of sequences family of which are investigated. The results show that, by our method, 2~(n-3) sequences with the least period 2~(n-1) can be found. Besides, we show that the maximal run length of the new sequences is less than n~2-2.5n+3.
The security of the new generalized self-shrinking generator is discussed. The results show that, If the vector G is known for the attacker, then he/she can obtain the secret keys with a complexity O(12n~42~(0.694n)). If the vector G is unknown but the C_1={01,10} is known, then the attacker can find a correlation weakness, which can be used to attack the new generalized self-shrinking generator; However, if C_1≠ {01,10}, there does not exist the above correlation weakness.
The stability of the linear complexity of the new generalized self-shrinking generator is discussed. The results show that the linear complexity will increase if odd bits are changed in the sequences. If even bits are changed and the situations of bit changed satisfy some conditions, then the linear complexity will decrease, except this, the linear complexity will increase.
For the 2~n-periodic pseudorandom sequences, the relationship between autocorrelation and linear complexity is presented and the application of which in three aspects are given, that is: 1)Estimating/Evaluating the value of autocorrelation functions by the linear complexity; 2) A simpler proof of Games-Chan algorithm is given by the autocorrelation; 3) Evaluating the correlation of a given sequence family by the linear complexity.
For a sort of sequences with period 2~n, we denote that the autocorrelation is related to linear complexity and k-error linear complexity,that is, the autocrrelation can be estimated by the linear complexity and k-error linear complexity.
● 利用错误攻击对广义自缩生成器和均衡互缩生成器这两种流密码体制进行了密码分析,结果表明:对于由60级的线性反馈移位寄存器构成的广义自缩生成器,在反馈多项式已知的条件下,攻击者仅需要4个错误密钥流,结合平均约2~8个密钥流比特就可以获得生成器的密钥种子;对于均衡互缩生成器,攻击者可以通过改变LFSR若干个时钟来得到错误的输出流,并利用这些输出流得到生成器的密钥种子。
● 为抵抗错误攻击,设计了一类新型的广义自缩生成器。讨论了该新型序列的各种伪随机性质,包括最小周期,游程长度和序列族的性质,给出了使最小周期达到最大的方法。由我们的方法可以找到2~(n-3)个周期达到2~(n-1)的序列。同时证明序列的最大游程长度不超过n~2-2.5n+3。
● 讨论了新型广义自缩生成器的安全性,主要讨论了新型生成器抵抗猜测攻击和相关攻击的能力。关于安全性得到如下结论:当攻击者已知生成器的一个密钥向量G时,攻击的复杂度为O(12n~4 2~(0.694n));当攻击者不知道密钥向量G但已知集合C_1={01,10}时,攻击者可以得到序列的一个相关弱点,利用该弱点可以攻击新型广义自缩序列,但当集合C_1发生变化时,该弱点不存在。
● 研究了新型广义自缩序列线性复杂度的稳定性:当改变序列的奇数个比特时,序列的线性复杂度会增加到最大,即等于序列的最小周期2~(n-1);在改变序列偶数个比特且满足一定条件时,序列的线性复杂度会下降,其余情况下,序列的线性复杂度不会下降。
● 首次指出周期为2~n的伪随机序列的自相关函数和线性复杂度之间存在的一个关系,并讨论了该关系在以下三个方面的应用:1)由序列的线性复杂度来估计/确定序列的自相关函数值;2)通过序列的自相关函数来证明Games-Chan算法;3)由序列的线性复杂度来检验一个序列族的互相关函数值。
● 针对一类周期为2~n的伪随机序列,指出这类序列的自相关函数值和线性复杂度以及k错线性复杂度存在着关系,即该类序列的自相关函数可以同国线性复杂度和k-错线性复杂度来衡量。
This dissertation firstly discusses the ability of the generalized self-shrinking generator and balanced shrinking generator to resist the fault attack. Secondly, a new type of generalized self-shrinking generator is presented to resist the fault attack, and pseudorandomness and security of new sequences are investigated. Finally, the relationship between autocorrelation and linear complexity is discussed. The main results are as follows:
The author gives a cryptanalysis of the generalized self-shrinking generator and balanced shrinking generator by using the fault attack technique. The results show that, for the generalized self-shrinking generator given the feedback polynomial, the attacker can obtain the secret keys by 4 faulty keystreams with 60 stages LFSR, where the length of the keystream required is about 2~8 bits.For the balanced shrinking generator, the attacker can obtain the secret keys by analyzing faulty output sequences which is produced by changing control clock of one of LFSRs.
A new type of generalized self-shrinking generator is presented and the least period, run length and the pseudorandom property of sequences family of which are investigated. The results show that, by our method, 2~(n-3) sequences with the least period 2~(n-1) can be found. Besides, we show that the maximal run length of the new sequences is less than n~2-2.5n+3.
The security of the new generalized self-shrinking generator is discussed. The results show that, If the vector G is known for the attacker, then he/she can obtain the secret keys with a complexity O(12n~42~(0.694n)). If the vector G is unknown but the C_1={01,10} is known, then the attacker can find a correlation weakness, which can be used to attack the new generalized self-shrinking generator; However, if C_1≠ {01,10}, there does not exist the above correlation weakness.
The stability of the linear complexity of the new generalized self-shrinking generator is discussed. The results show that the linear complexity will increase if odd bits are changed in the sequences. If even bits are changed and the situations of bit changed satisfy some conditions, then the linear complexity will decrease, except this, the linear complexity will increase.
For the 2~n-periodic pseudorandom sequences, the relationship between autocorrelation and linear complexity is presented and the application of which in three aspects are given, that is: 1)Estimating/Evaluating the value of autocorrelation functions by the linear complexity; 2) A simpler proof of Games-Chan algorithm is given by the autocorrelation; 3) Evaluating the correlation of a given sequence family by the linear complexity.
For a sort of sequences with period 2~n, we denote that the autocorrelation is related to linear complexity and k-error linear complexity,that is, the autocrrelation can be estimated by the linear complexity and k-error linear complexity.
引文
[1] Bruer J.O., On nonlinear combinations of linear shift register sequences[A]. Proc. Of IEEE Int. Symp. Inform. Theory, Les Arcs, France, June 1982, 21-35.
[2] Geffe, How to protect data with ciphers that are hard to break [J]. Electronics, 1973, Jan. 4:99-101.
[3] Pless V.S., Encryption schemes for computer confidentiality[J].IEEE Trans. Comput., Nov,1977, C-26:1133-1136.
[4] P.V. Kumar, R.A.Scholtz, Bounds on the linear span of Bent sequences[J]. IEEE Trans. Inform. Theory, 1983, 29(6):854-862.
[5] Andrew Klapper, A. H. Chan, Mark Goresky. Cascaded GMW sequences[J]. IEEE Trans. Inform. Theory, 1993,39(1): 177-183.
[6] Scholzs R., Welch L.R., GMW sequences[J]. IEEE Trans. Inform. Theory, 1984, 30(3):548-553.
[7] Beth T., Piper F.C., The Stop-and-Go Generator[A]. Proc. of Eurocrypt'84, Advances in Cryptology, LNCS209,1985, 88-92.
[8] Gunther C. G.. A Generator of Pseudorandom Sequences with Clock Controlled Linear Feedback Shift Register[A]. Eurocypt'87, Amsterdam, 1987.
[9] Coppersmith D., Krawczyk H., Mansour Y.. The shrinking generator[A]. Advances in Cryoptology-Crypto'93, 1993,22-39.
[10]Meier W., Staffelbach O., The Self-shrinking Generator[A], Advances in Cryoptology- Eurocrypto'94, 1994,205-214.
[11]Mihaljevic M., A faster cryptanalysis of the self-shrinking generator[A], LNCS 1172, Springer-Verlag, 1996,182-189.
[12]Krause M., BDD-based cryptanalysis of keystream generators[A], Advanced in Cryptography- EUROCRYPT'02, LNCS2332, Springer-Verlag, 2002, 222-237.
[13]Jong-Seon No, P. Kumar V., A new family of binary pseudorandom sequences having optimal periodic correlation properties and large linear span[J]. IEEE Trans. Inform. Theory, 1989, 35(2): 371-379.
[14] Ding Cunsheng, Helleseth T., Shan Weijuan, on the linear complexity of Legendre sequences[J], IEEE Trans. On Inform. Theory, 1998,44(3):1276-1278.
[15]Jong-Seon No, Hwan-Keun Lee,et al. Trace representation of Legendre sequences of Mersenne prime period[A]. IEEE Trans. On Inform. Theory, 1996,42(6):2254-2255.
[16] Bin Zhang, Hongjun Wu, Dengguo Feng and Feng Bao, A fast correlation attack on the shrinking generator[J],CT-RSA2005, LNCS 3376, Springer-Verlag, 2005, 72-86.
[17]Patrik Ekdahl, Thomas Johansson, A new version of the stream cipher SNOW[DB/OL], www.it.lth.se/cryptology/snow/snow20.ps.2003.
[18] Greg Rose, SOBER: A stream cipher based on linear feedback over GF(2~g) [DB/OL], http://citeseer.ist.psu.edu/rose99sober.html.2003.
[19] E. Dawson, A. Clark, J. Golic, W. Millan, L. Perma, L. Simpson, The LILI-128 Keystream Generator[DB/OL], http://citeseer.ist.psu.edu/485203.html.2003.
[20] David A. McGrew and Scott R. Fluhrer, The Stream Cipher LEVIATHAN: Specification and Supporting Documentation[DB/OL], http://www.mindspring.com/~dmcgrew/dam.htm#LEVIATHAN.2003.
[21] Johan Hastad, Mats Naslund, BMGL: Synchronous Key-stream Generator with Provable Security[DB/OL]. https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/bmgl4.pdf.2003.
[22] Bin Zhang, Hongjun Wu, Dengguo Feng and Feng Bao, Security Analysis of the Generalized Self-shrinking Generator[A], ICICS 2004,LNCS 3269, Springer-Verlag 2004, 388-400.
[23] 胡予濮,张玉清,肖国镇,对称密码学[M],机械工业出版社,2002年8月第一版。
[24] J.Gergov, Ch.Meinel. Efficient Boolean function manipulation with OBDDs can be generalized to FBDDs[J], IEEE Trans. on Computers, 1994, 43,1197-1209.
[25] 丁存生,肖国镇,流密码学及其应用[M],国防工业出版社,1994年9月第一版。
[26] M.Stamp and C.F.Martin, "An algorithm for the k-error linear complexity of binary sequences with period 2~n[J]",IEEE Trans.on Information theory, July, 1993 39(4): 1398-1401.
[27] Rueppel R.A., Analysis and Design of Stream Ciphers[M]. Berlin, Germany: Springer-Verlag, 1999.
[28] McEliece R.J., Finite Fields for Computer Scientists And Engineers[M], Boston: Kluwer Academic Publishers, 1987.
[29] Jovan Dj Golic and L.O'Connor, Embedding and probabilistic correlation attacks on clock-controlled shift registers[A], Advances in Cryptology-Eurocrypt'94, LNCS950, 1995,230-243,.
[30] L.Simpson, Jovan Dj. Golic and E.Dawson, A probabilistic correlation attacks on the shrinking generator[A], Information Security and Privacy'98, LNCS1438 1998,147-158.
[31] T.Johansson, Reduced complexity correlation attacks on two clock-controlled generators[A], Advanced in Cryptology-Asiacrypt'98, LNCS1514, 1998,342-357.
[32] Jovan Dj. Golic, Correlation analysis of the shrinking generator[A], Advances in Cryptology-CRYPTO 2001,2001,440-457.
[33] Jovan Dj. Golic, Linear models for keystream generators[J], IEEE Transactions on Computers, Jan, 1996,45(1): 41-49.
[34] Jovan Dj Golic and Renato Menicocci, Edit probability correlation attacks on stop/go clocked keystream generators[J], Joumal of Cryptology 2003,16(1): 41-68.
[35] Patrik Ekdahl, On LFSR based Stream Ciphers-Analysis and Design[D], Ph.D. Thesis,, Lund University, Sweden, 2003.
[36] M. Hell and T. Johansson, some attack on the Bit-search generator[DB/OL], www.it,lth.se/martin/fse2005.pdf.,2005.
[37] Stefan, Katzenbeisser, Fafien A P Petitcolas, et al. Information Hiding Techniques for Steganography and digital watermarking[M], Artech House, Inc., 2000.
[38] 胡予濮,杨波,伪随机稀疏序列的研究[J],电子学报,2002年1月,30(1):142-144.
[39] J.Massey, D. Costello, and J. Justesen, Polynomial weights and code constructions[J], IEEE Trans. Inform. Theory, Jan. 1973,19(1): 101-110.
[40] R. Games, A. Chan, A fast algorithm for determining the complexity of a binary sequence with period 2~n[J], IEEE Trans. Inform. Theory, Jan. 1983,29(1): 144-146.
[41] Kurosawa, F. Sato, T. Sakata, and W. Kishmoto, A relation between linear complexity and k-error linear complexity[J], IEEE Trans. Inform. Theory, Mar. 2000,46(2): 694-698.
[42] 赵耀东,戚文峰,二元周期序列的线性复杂度[J],电子学报,2005年1月,33(1):12-16.
[43] Shaoquan Jiang, Zongduo Dai, and Kyoki Imamura, Linear complexity of periodic sequences obtained from a Periodic Sequence by Either Substituting, Inserting, or Deleting k Symbols Within One Period[J], IEEE Trans Inform. Theory, Mar,2000, 46(3): 1174-1177.
[44] W. Sun, etc. On Correlation of Generalized Geometric Sequences[J]. IEEE Trans Inform.Theory, July 2001, 47(5): 2094-2095.
[45] P. Chose, A. Joux, M. Mitton, Fast Correlation Attacks: An Algorithmic Point of View[A], Advances in Cryptology-EUROCRYPT'2002, LNCS2332, Springer-Verlag,(2002), 209-221.
[46] Wilfried Meidl, Extended Games-Chan algorithm for the 2-adic complexity of FCSR-sequences[J], Theoretical Computer Science, 290(2003), 2045-2051.
[47] Wang Fei, Hu Yupu,Liu Ying, Hu Zhanpeng, An Efficient Algorithm for Software Generation of the Generalized Self-shrinking Sequences[A].Proceedings of the 11th Jiont International Computer Conference. 2005(JICC), Nov,2005, 163-166.
[48] Enjian BAI, Zhihua NIU, Guozhen XIAO. On the randomness of the editing generator[J].IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2004, E87-A(6): 1570—1575.
[49] 胡予濮,白国强,肖国镇GF(q)上的广义自缩序列[J],西安电子科技大学学报,2001,28(1):5-7.
[50] Ekdahl P and Johansson T. A new version of the stream cipher SNOW[A]. Selected Areas in Cryptology, SAC 2002. LNCS 2595.2002.47-61.
[51] 魏仕民。流密码及其复杂度分析[D]。西安电子科技大学博士论文,2001年.
[52] Uehara S and Imamura K, Linear complexity of periodic sequences obtained from GF(q) sequences with period q~n-1 by one-symbol deletion[J], IEICE Trans. Fundamentals, 1996,vol. E79-A: 1739-1740.
[53] Ye. D and Dai Z, Linear complexity of periodic sequences under two symbol substitutions[A],Advances in Cryptology-China Crypto'96. Beijing, China: Science Press, 7-9, in.Chinese.
[54] 万哲先.代数和编码[M].北京:科学出版社,1980.
[55] Ekdahl P and Johansson. SNOW-a New Stream Cipher[DB/OL]. In Proceedings of the first open NESSIE Workshop, 2000. Available in http://www.madchat.org/crypto/hash-lib-algo/snow/snow10.pdf.2000.
[56] Rose G and Hawkes P. The t-Class of SOBER Stream Ciphers[DB/OL]. In Proceedings of the first open NESSIE Workshop, Belgium, 2000. Available in http://www.mirrors. wiretapped.net/security/cryptography/algorithms/t-class/t-class.pdf.2000.
[57] Zhang M, Carrol C and.Chan A. The software oriented stream cipher SSC2[A]. In Proceedings of FSE 2000. LNCS 1978.2001,31-48.
[58] M. Dewar and D. Panario. Linear Transformation Shift Registers[J]. IEEE Transactions on Information Theory, 2003, 49(8):2047-2052.
[59] B.Tsaban and U. Vishne. Efficient linear feedback shift registers with maximal period[J]. Finite Fields Appl. 2002,8(4): 256-267.
[60] Maitra S and Sarkar P. Efficient implementation of ciphertext only attack on LFSR based encryption schemes[A]. Proceedings of the National Seminar on cryptology,Delhi, July 1998, pp. A-1-A-12.
[61] Chowdhury S and Maitra S. Effcient Software Implementation of Linear Feedback Shift Registers[A]. INDOCRYPT2001, LNCS 2247. 2001, 297-307.
[62] Yupu HU and Guozhen XIAO, Generalized self-Shrinking Generator[J], IEEE Trans. on Information Theory,2004, 50(4):714-719.
[63] Courtois N. Higher order correlation attacks. XL algorithm and Cryptanalysis of Toyocrypt[A]. ICISC 2002, LNCS 2587, Springer-Verlag, 2002.182-199.
[64] Boneh D., DeMillo R., and Lipton R.. On the importance of checking cryptographic protocols for faults[A]. EUROCRYPT '97, LNCS 1233, Springer- Verlag, 1997. 37-51.
[65]Eli Biham, Adi Shamir, Differential Fault Analysis of Secret Key Cryptosystems [A]. CRYPTO 1997, LNCS1294, Springer-Verlag, 1997. 513-525.
[66]Jonathan J. Hoch and Adi Shamir, Fault Analysis of Stream Ciphers[A], CHES 2004, LNCS 3156,, Springer-Verlag 2004.240 - 253.
[67] Sergei Skorobogatov, Ross Anderson, Optical Fault Induction Attacks[DB/OL], www.cl.cam.ac.uk/ftp/ users/rja14/ faultpap3.pdf.2004.
[68] Se Ar Choi and kyeongcheol Yang, Balanced Shrinking Generators [A], ICISC2002, LNCS 2587, Berlin: Springer-Verlag, 2003, 213-226,
[69]Marcin G., Miroslaw K. and Pawel W., Fault cryptanalysis and the shrinking generator[A], WEA 2006, LNCS 4007, Berlin / Heidelberg: Springer-Verlag,2006, 61-72.
[70]E.Zenner, M. Krause, S. Lucks, Improved cryptanalysis of the self-shrinking generator[A], Proccedings on ACISP'2001, LNCS2119, Springer-Verlag, 2001, 21-35.
[71] Sultan Al-Hinai, Lynn Batten, Bernard Colbert,et,al., Algebraic attack on clock- controlled stream ciphers[A], Proccedings on ACISP'2006, LNCS4058, Springer- Verlag, 2006,1-16.
[72]E R Berlekamp, Algebraic coding theory[M]. New York:McGraw-Mill, 1986.
[73] Martin Hell, Thomas Johansson and Willi Meier, Grain - A Stream Cipher for Constrained Environments[DB/OL], http://www.ecrypt.eu.org/stream/p2ciphers/ grain /Grain_p2.pdf.2006.
[74] Steve Babbage and Matthew Dodd, The stream cipher MICKEY-128 2.0[DB/OL], http://www.ecrypt.eu.org/stream/p2ciphers/mickeyl28/mickey128_p2.pdf.2006.
[75] Doug Whiting, Bruce Schneier, Stephan Lucks, Phelix - Fast Encryption and Authentication in a Single Cryptographic Primitive[DB/OL],http://www. ecrypt. eu.org/stream/p2ciphers/phelix/phelix_p2 .pdf.2006.
[76]Christophe De , Bart Preneel , Trivium Specifications[DB/OL], http://www. ecrypt .eu.org/ stream /p2ciphers/trivium/trivium_p2.pdf.2006.
[77]Nicolas Courtois: Higher Order Correlation Attacks, XL algorithm and Cryptanalysis of Toyocrypt[A], ICISC 2002, LNCS 2587, Springer-Verlag, 2002: 182-199.
[78]Hu Yupu, Xiao Guozhen, Stream Cipher Based on GSS Sequences[J], Science in China, Ser. F,2004,47(6): 681-696.
[79]Kanso A.,Clock-controlled generators[D],Ph.D thesis, University of London, 1999.
[80]Kanso A., Clock-controlled shrinking generators of feedback shift registers[A], ACISP2003,LNCS2727,Berlin:Springer-Verlag,2003:443-451.
[81]Kanso A.,The (a,b)-shrinking generator[DB/OL],http://eprint.iacr.org/2002/, 2002/095,2002.
[82]Kim J H,Song H Y., On the linear complexity of Hall's Sextic Residue sequences [J].IEEE Trans.on Information Theory,2001,47(5):2094-2096.
[83] Gong G, A new class of nonlinear PN sequences over GF(q~n)[J], IEEE Trans.on Information Theory,1997,43(3): 1007-1012.
[84] Gong G, Cryptographic properties of the Welch-Gong transformation sequences generators[J], IEEE Trans.on Information Theory,2002,48(11):2837-2846.
[85] Gong G, Golomb W. The Decimation-Hadamard transform of two-level autocorrelation sequences[J], IEEE Trans.on Information Theory,2002,48(4):853-865.
[86] Gong G, Jiang S Q, The editing generator and its cryptanalysis[DB/OL], http://www.cacr.math.uwaterloo.ca, 2002.
[87] Golomb S. W., Shift register sequences[M].San Francisco,CA: Holden-Day, 1967, Revised edition:Laguna Hills,CA:Aegean Park, 1982.
[88] 冯克勤,聂灵沼,代数学[M],长沙:湖南教育出版社,1985。
[89] 胡予濮,魏仕民,肖国镇,广义Legendre序列和广义Jacobi序列的线性复杂度[J],电子学报,2000,28(2):113-117。
[90] 柯召,孙琦,数论讲义[M],上下册。北京:高等教育出版社,1987。
[91] 肖国镇,梁传甲,王育民,伪随机序列及其应用[M]。北京:国防工业出版,1985。
[92] Lidl R.,Niederreiter H., Finite Field[M]. Reading, MA:Addison-Wesley,1983.
[93] Matolak D. W., Manchiraju D., Evaluation of pseudorandom sequences for third generation spread spectrum[A], Proceedings of the 35th IEEE Southeastern symposium on system theory. Morgantown,2003:288-290.
[94] Mei W.H., Yang Y. X.,Families of FH sequences based on pseudorandom sequences over GF(q)[A],International Conference on Communication technology-ICCT2000,vol. 1,2000,536-538.
[95] Meidl W., Niederreiter H., Linear complexity, k-error linear complexity, and the discrete Fourier transfor[J].Journal of complexity,2002,18(1):87-103.
[96] Meidl W., Niederreiter H.,On the expected value of the linear complexity and the k-error linear complexity of periodic sequences[J]. IEEE Trans.on Information Theory,2002,48(11):2817-2825.
[97] Massey J L.,Serconeck S.,Linear complexity of periodic sequences:a general theory[A],Advances in Cryptology-CRYPTO'96[C], Berlin: Springer-Verlag, 1996:358-371.
[98] Blackburn S. R., A generalization of the discrete Fourier transform: determing the minimal polynomial of a periodic sequence[J]. IEEE Trans.on Information Theory, 1994,40(5): 1702-1704.
[99] Blackburn S. R.,The linear complexity of the self-shrinking generator[J]. IEEE Trans.on Information Theory, 1999,45(6): 2073-2077.
[2] Geffe, How to protect data with ciphers that are hard to break [J]. Electronics, 1973, Jan. 4:99-101.
[3] Pless V.S., Encryption schemes for computer confidentiality[J].IEEE Trans. Comput., Nov,1977, C-26:1133-1136.
[4] P.V. Kumar, R.A.Scholtz, Bounds on the linear span of Bent sequences[J]. IEEE Trans. Inform. Theory, 1983, 29(6):854-862.
[5] Andrew Klapper, A. H. Chan, Mark Goresky. Cascaded GMW sequences[J]. IEEE Trans. Inform. Theory, 1993,39(1): 177-183.
[6] Scholzs R., Welch L.R., GMW sequences[J]. IEEE Trans. Inform. Theory, 1984, 30(3):548-553.
[7] Beth T., Piper F.C., The Stop-and-Go Generator[A]. Proc. of Eurocrypt'84, Advances in Cryptology, LNCS209,1985, 88-92.
[8] Gunther C. G.. A Generator of Pseudorandom Sequences with Clock Controlled Linear Feedback Shift Register[A]. Eurocypt'87, Amsterdam, 1987.
[9] Coppersmith D., Krawczyk H., Mansour Y.. The shrinking generator[A]. Advances in Cryoptology-Crypto'93, 1993,22-39.
[10]Meier W., Staffelbach O., The Self-shrinking Generator[A], Advances in Cryoptology- Eurocrypto'94, 1994,205-214.
[11]Mihaljevic M., A faster cryptanalysis of the self-shrinking generator[A], LNCS 1172, Springer-Verlag, 1996,182-189.
[12]Krause M., BDD-based cryptanalysis of keystream generators[A], Advanced in Cryptography- EUROCRYPT'02, LNCS2332, Springer-Verlag, 2002, 222-237.
[13]Jong-Seon No, P. Kumar V., A new family of binary pseudorandom sequences having optimal periodic correlation properties and large linear span[J]. IEEE Trans. Inform. Theory, 1989, 35(2): 371-379.
[14] Ding Cunsheng, Helleseth T., Shan Weijuan, on the linear complexity of Legendre sequences[J], IEEE Trans. On Inform. Theory, 1998,44(3):1276-1278.
[15]Jong-Seon No, Hwan-Keun Lee,et al. Trace representation of Legendre sequences of Mersenne prime period[A]. IEEE Trans. On Inform. Theory, 1996,42(6):2254-2255.
[16] Bin Zhang, Hongjun Wu, Dengguo Feng and Feng Bao, A fast correlation attack on the shrinking generator[J],CT-RSA2005, LNCS 3376, Springer-Verlag, 2005, 72-86.
[17]Patrik Ekdahl, Thomas Johansson, A new version of the stream cipher SNOW[DB/OL], www.it.lth.se/cryptology/snow/snow20.ps.2003.
[18] Greg Rose, SOBER: A stream cipher based on linear feedback over GF(2~g) [DB/OL], http://citeseer.ist.psu.edu/rose99sober.html.2003.
[19] E. Dawson, A. Clark, J. Golic, W. Millan, L. Perma, L. Simpson, The LILI-128 Keystream Generator[DB/OL], http://citeseer.ist.psu.edu/485203.html.2003.
[20] David A. McGrew and Scott R. Fluhrer, The Stream Cipher LEVIATHAN: Specification and Supporting Documentation[DB/OL], http://www.mindspring.com/~dmcgrew/dam.htm#LEVIATHAN.2003.
[21] Johan Hastad, Mats Naslund, BMGL: Synchronous Key-stream Generator with Provable Security[DB/OL]. https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/bmgl4.pdf.2003.
[22] Bin Zhang, Hongjun Wu, Dengguo Feng and Feng Bao, Security Analysis of the Generalized Self-shrinking Generator[A], ICICS 2004,LNCS 3269, Springer-Verlag 2004, 388-400.
[23] 胡予濮,张玉清,肖国镇,对称密码学[M],机械工业出版社,2002年8月第一版。
[24] J.Gergov, Ch.Meinel. Efficient Boolean function manipulation with OBDDs can be generalized to FBDDs[J], IEEE Trans. on Computers, 1994, 43,1197-1209.
[25] 丁存生,肖国镇,流密码学及其应用[M],国防工业出版社,1994年9月第一版。
[26] M.Stamp and C.F.Martin, "An algorithm for the k-error linear complexity of binary sequences with period 2~n[J]",IEEE Trans.on Information theory, July, 1993 39(4): 1398-1401.
[27] Rueppel R.A., Analysis and Design of Stream Ciphers[M]. Berlin, Germany: Springer-Verlag, 1999.
[28] McEliece R.J., Finite Fields for Computer Scientists And Engineers[M], Boston: Kluwer Academic Publishers, 1987.
[29] Jovan Dj Golic and L.O'Connor, Embedding and probabilistic correlation attacks on clock-controlled shift registers[A], Advances in Cryptology-Eurocrypt'94, LNCS950, 1995,230-243,.
[30] L.Simpson, Jovan Dj. Golic and E.Dawson, A probabilistic correlation attacks on the shrinking generator[A], Information Security and Privacy'98, LNCS1438 1998,147-158.
[31] T.Johansson, Reduced complexity correlation attacks on two clock-controlled generators[A], Advanced in Cryptology-Asiacrypt'98, LNCS1514, 1998,342-357.
[32] Jovan Dj. Golic, Correlation analysis of the shrinking generator[A], Advances in Cryptology-CRYPTO 2001,2001,440-457.
[33] Jovan Dj. Golic, Linear models for keystream generators[J], IEEE Transactions on Computers, Jan, 1996,45(1): 41-49.
[34] Jovan Dj Golic and Renato Menicocci, Edit probability correlation attacks on stop/go clocked keystream generators[J], Joumal of Cryptology 2003,16(1): 41-68.
[35] Patrik Ekdahl, On LFSR based Stream Ciphers-Analysis and Design[D], Ph.D. Thesis,, Lund University, Sweden, 2003.
[36] M. Hell and T. Johansson, some attack on the Bit-search generator[DB/OL], www.it,lth.se/martin/fse2005.pdf.,2005.
[37] Stefan, Katzenbeisser, Fafien A P Petitcolas, et al. Information Hiding Techniques for Steganography and digital watermarking[M], Artech House, Inc., 2000.
[38] 胡予濮,杨波,伪随机稀疏序列的研究[J],电子学报,2002年1月,30(1):142-144.
[39] J.Massey, D. Costello, and J. Justesen, Polynomial weights and code constructions[J], IEEE Trans. Inform. Theory, Jan. 1973,19(1): 101-110.
[40] R. Games, A. Chan, A fast algorithm for determining the complexity of a binary sequence with period 2~n[J], IEEE Trans. Inform. Theory, Jan. 1983,29(1): 144-146.
[41] Kurosawa, F. Sato, T. Sakata, and W. Kishmoto, A relation between linear complexity and k-error linear complexity[J], IEEE Trans. Inform. Theory, Mar. 2000,46(2): 694-698.
[42] 赵耀东,戚文峰,二元周期序列的线性复杂度[J],电子学报,2005年1月,33(1):12-16.
[43] Shaoquan Jiang, Zongduo Dai, and Kyoki Imamura, Linear complexity of periodic sequences obtained from a Periodic Sequence by Either Substituting, Inserting, or Deleting k Symbols Within One Period[J], IEEE Trans Inform. Theory, Mar,2000, 46(3): 1174-1177.
[44] W. Sun, etc. On Correlation of Generalized Geometric Sequences[J]. IEEE Trans Inform.Theory, July 2001, 47(5): 2094-2095.
[45] P. Chose, A. Joux, M. Mitton, Fast Correlation Attacks: An Algorithmic Point of View[A], Advances in Cryptology-EUROCRYPT'2002, LNCS2332, Springer-Verlag,(2002), 209-221.
[46] Wilfried Meidl, Extended Games-Chan algorithm for the 2-adic complexity of FCSR-sequences[J], Theoretical Computer Science, 290(2003), 2045-2051.
[47] Wang Fei, Hu Yupu,Liu Ying, Hu Zhanpeng, An Efficient Algorithm for Software Generation of the Generalized Self-shrinking Sequences[A].Proceedings of the 11th Jiont International Computer Conference. 2005(JICC), Nov,2005, 163-166.
[48] Enjian BAI, Zhihua NIU, Guozhen XIAO. On the randomness of the editing generator[J].IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2004, E87-A(6): 1570—1575.
[49] 胡予濮,白国强,肖国镇GF(q)上的广义自缩序列[J],西安电子科技大学学报,2001,28(1):5-7.
[50] Ekdahl P and Johansson T. A new version of the stream cipher SNOW[A]. Selected Areas in Cryptology, SAC 2002. LNCS 2595.2002.47-61.
[51] 魏仕民。流密码及其复杂度分析[D]。西安电子科技大学博士论文,2001年.
[52] Uehara S and Imamura K, Linear complexity of periodic sequences obtained from GF(q) sequences with period q~n-1 by one-symbol deletion[J], IEICE Trans. Fundamentals, 1996,vol. E79-A: 1739-1740.
[53] Ye. D and Dai Z, Linear complexity of periodic sequences under two symbol substitutions[A],Advances in Cryptology-China Crypto'96. Beijing, China: Science Press, 7-9, in.Chinese.
[54] 万哲先.代数和编码[M].北京:科学出版社,1980.
[55] Ekdahl P and Johansson. SNOW-a New Stream Cipher[DB/OL]. In Proceedings of the first open NESSIE Workshop, 2000. Available in http://www.madchat.org/crypto/hash-lib-algo/snow/snow10.pdf.2000.
[56] Rose G and Hawkes P. The t-Class of SOBER Stream Ciphers[DB/OL]. In Proceedings of the first open NESSIE Workshop, Belgium, 2000. Available in http://www.mirrors. wiretapped.net/security/cryptography/algorithms/t-class/t-class.pdf.2000.
[57] Zhang M, Carrol C and.Chan A. The software oriented stream cipher SSC2[A]. In Proceedings of FSE 2000. LNCS 1978.2001,31-48.
[58] M. Dewar and D. Panario. Linear Transformation Shift Registers[J]. IEEE Transactions on Information Theory, 2003, 49(8):2047-2052.
[59] B.Tsaban and U. Vishne. Efficient linear feedback shift registers with maximal period[J]. Finite Fields Appl. 2002,8(4): 256-267.
[60] Maitra S and Sarkar P. Efficient implementation of ciphertext only attack on LFSR based encryption schemes[A]. Proceedings of the National Seminar on cryptology,Delhi, July 1998, pp. A-1-A-12.
[61] Chowdhury S and Maitra S. Effcient Software Implementation of Linear Feedback Shift Registers[A]. INDOCRYPT2001, LNCS 2247. 2001, 297-307.
[62] Yupu HU and Guozhen XIAO, Generalized self-Shrinking Generator[J], IEEE Trans. on Information Theory,2004, 50(4):714-719.
[63] Courtois N. Higher order correlation attacks. XL algorithm and Cryptanalysis of Toyocrypt[A]. ICISC 2002, LNCS 2587, Springer-Verlag, 2002.182-199.
[64] Boneh D., DeMillo R., and Lipton R.. On the importance of checking cryptographic protocols for faults[A]. EUROCRYPT '97, LNCS 1233, Springer- Verlag, 1997. 37-51.
[65]Eli Biham, Adi Shamir, Differential Fault Analysis of Secret Key Cryptosystems [A]. CRYPTO 1997, LNCS1294, Springer-Verlag, 1997. 513-525.
[66]Jonathan J. Hoch and Adi Shamir, Fault Analysis of Stream Ciphers[A], CHES 2004, LNCS 3156,, Springer-Verlag 2004.240 - 253.
[67] Sergei Skorobogatov, Ross Anderson, Optical Fault Induction Attacks[DB/OL], www.cl.cam.ac.uk/ftp/ users/rja14/ faultpap3.pdf.2004.
[68] Se Ar Choi and kyeongcheol Yang, Balanced Shrinking Generators [A], ICISC2002, LNCS 2587, Berlin: Springer-Verlag, 2003, 213-226,
[69]Marcin G., Miroslaw K. and Pawel W., Fault cryptanalysis and the shrinking generator[A], WEA 2006, LNCS 4007, Berlin / Heidelberg: Springer-Verlag,2006, 61-72.
[70]E.Zenner, M. Krause, S. Lucks, Improved cryptanalysis of the self-shrinking generator[A], Proccedings on ACISP'2001, LNCS2119, Springer-Verlag, 2001, 21-35.
[71] Sultan Al-Hinai, Lynn Batten, Bernard Colbert,et,al., Algebraic attack on clock- controlled stream ciphers[A], Proccedings on ACISP'2006, LNCS4058, Springer- Verlag, 2006,1-16.
[72]E R Berlekamp, Algebraic coding theory[M]. New York:McGraw-Mill, 1986.
[73] Martin Hell, Thomas Johansson and Willi Meier, Grain - A Stream Cipher for Constrained Environments[DB/OL], http://www.ecrypt.eu.org/stream/p2ciphers/ grain /Grain_p2.pdf.2006.
[74] Steve Babbage and Matthew Dodd, The stream cipher MICKEY-128 2.0[DB/OL], http://www.ecrypt.eu.org/stream/p2ciphers/mickeyl28/mickey128_p2.pdf.2006.
[75] Doug Whiting, Bruce Schneier, Stephan Lucks, Phelix - Fast Encryption and Authentication in a Single Cryptographic Primitive[DB/OL],http://www. ecrypt. eu.org/stream/p2ciphers/phelix/phelix_p2 .pdf.2006.
[76]Christophe De , Bart Preneel , Trivium Specifications[DB/OL], http://www. ecrypt .eu.org/ stream /p2ciphers/trivium/trivium_p2.pdf.2006.
[77]Nicolas Courtois: Higher Order Correlation Attacks, XL algorithm and Cryptanalysis of Toyocrypt[A], ICISC 2002, LNCS 2587, Springer-Verlag, 2002: 182-199.
[78]Hu Yupu, Xiao Guozhen, Stream Cipher Based on GSS Sequences[J], Science in China, Ser. F,2004,47(6): 681-696.
[79]Kanso A.,Clock-controlled generators[D],Ph.D thesis, University of London, 1999.
[80]Kanso A., Clock-controlled shrinking generators of feedback shift registers[A], ACISP2003,LNCS2727,Berlin:Springer-Verlag,2003:443-451.
[81]Kanso A.,The (a,b)-shrinking generator[DB/OL],http://eprint.iacr.org/2002/, 2002/095,2002.
[82]Kim J H,Song H Y., On the linear complexity of Hall's Sextic Residue sequences [J].IEEE Trans.on Information Theory,2001,47(5):2094-2096.
[83] Gong G, A new class of nonlinear PN sequences over GF(q~n)[J], IEEE Trans.on Information Theory,1997,43(3): 1007-1012.
[84] Gong G, Cryptographic properties of the Welch-Gong transformation sequences generators[J], IEEE Trans.on Information Theory,2002,48(11):2837-2846.
[85] Gong G, Golomb W. The Decimation-Hadamard transform of two-level autocorrelation sequences[J], IEEE Trans.on Information Theory,2002,48(4):853-865.
[86] Gong G, Jiang S Q, The editing generator and its cryptanalysis[DB/OL], http://www.cacr.math.uwaterloo.ca, 2002.
[87] Golomb S. W., Shift register sequences[M].San Francisco,CA: Holden-Day, 1967, Revised edition:Laguna Hills,CA:Aegean Park, 1982.
[88] 冯克勤,聂灵沼,代数学[M],长沙:湖南教育出版社,1985。
[89] 胡予濮,魏仕民,肖国镇,广义Legendre序列和广义Jacobi序列的线性复杂度[J],电子学报,2000,28(2):113-117。
[90] 柯召,孙琦,数论讲义[M],上下册。北京:高等教育出版社,1987。
[91] 肖国镇,梁传甲,王育民,伪随机序列及其应用[M]。北京:国防工业出版,1985。
[92] Lidl R.,Niederreiter H., Finite Field[M]. Reading, MA:Addison-Wesley,1983.
[93] Matolak D. W., Manchiraju D., Evaluation of pseudorandom sequences for third generation spread spectrum[A], Proceedings of the 35th IEEE Southeastern symposium on system theory. Morgantown,2003:288-290.
[94] Mei W.H., Yang Y. X.,Families of FH sequences based on pseudorandom sequences over GF(q)[A],International Conference on Communication technology-ICCT2000,vol. 1,2000,536-538.
[95] Meidl W., Niederreiter H., Linear complexity, k-error linear complexity, and the discrete Fourier transfor[J].Journal of complexity,2002,18(1):87-103.
[96] Meidl W., Niederreiter H.,On the expected value of the linear complexity and the k-error linear complexity of periodic sequences[J]. IEEE Trans.on Information Theory,2002,48(11):2817-2825.
[97] Massey J L.,Serconeck S.,Linear complexity of periodic sequences:a general theory[A],Advances in Cryptology-CRYPTO'96[C], Berlin: Springer-Verlag, 1996:358-371.
[98] Blackburn S. R., A generalization of the discrete Fourier transform: determing the minimal polynomial of a periodic sequence[J]. IEEE Trans.on Information Theory, 1994,40(5): 1702-1704.
[99] Blackburn S. R.,The linear complexity of the self-shrinking generator[J]. IEEE Trans.on Information Theory, 1999,45(6): 2073-2077.