Design and Analysis of FCSR-Based Stream Ciphers
Abstract
Feedback with Carry Shift Registers (FCSRs) have a structure similar to Linear Feedback Shift Registers (LFSRs), but because their feedback is computed with integer addition with carry rather than XOR, the sequences they generate inherently have very high linear complexity. Since designing stream ciphers from non-linear sequence sources has become the mainstream approach, FCSRs, as an important class of non-linear sequence sources, have naturally become a popular building block for stream ciphers.
     This thesis studies how to use FCSRs to design keystream generators with good properties. Building on the properties of FCSRs and on the FCSR-based keystream generator F-FCSR-Hv2, it first improves filtered keystream generators such as F-FCSR-Hv2, proposing the Combined F-FCSR keystream generator and the fully dynamic filtered keystream generator DF-FCSR-8; it then replaces the LFSRs of clock-controlled designs with FCSRs, obtaining clock-controlled keystream generators with good properties; it combines the generators designed above into clock-controlled fully dynamic filtered keystream generators; finally, it studies SQUASH, a lightweight authentication algorithm for Radio Frequency Identification (RFID), and on that basis designs an FCSR-based lightweight RFID authentication algorithm, SQUASH+, and a combined authentication-and-encryption algorithm, SQUASH+DF-FCSR.
The main results are as follows:
     1. The FCSR-filtered keystream generator F-FCSR-Hv2 is studied and the idea behind the Hell-Johansson attack on filtered FCSR schemes is analysed. On this basis an improved filtered FCSR scheme, the Combined F-FCSR keystream generator, is proposed; at the cost of additional registers it keeps the throughput and the good statistical properties of the keystream while resisting the Hell-Johansson attack and other attacks.
     2. A fully dynamic filtered keystream generator, DF-FCSR-8, is proposed. It abandons the static filter that earlier filtered generators use to produce their output and introduces a fully dynamic filter, so that an attacker cannot learn the filter vector and therefore cannot collect enough linear equations; this defeats the Hell-Johansson attack. Further analysis indicates that DF-FCSR-8 resists correlation attacks, algebraic attacks and other attacks, and tests show that its keystream has good statistical properties.
     3. FCSR-based clock-controlled keystream generators are proposed: a stop-and-go generator and an alternating-step generator, both built from FCSRs. Their parameters, the period and a lower bound on the linear complexity of the generated sequences, and their resistance to the Hell-Johansson attack and other attacks are given. The results show that the FCSR-based stop-and-go generator has a large period and a high lower bound on linear complexity but insufficient statistical properties, whereas the FCSR-based alternating-step generator has a large period, a high lower bound on linear complexity and good statistical properties, and resists the Hell-Johansson attack and other attacks.
     4. Combining the features of the fully dynamic filtered generator and the clock-controlled generators, two FCSR-based fully dynamic clock-controlled keystream generators are proposed: the fully dynamic stop-and-go generator SGDF-FCSR-8 and the fully dynamic alternating-step generator ASDF-FCSR-8. Design parameters, the period and a lower bound on the linear complexity of the generated sequences are given, the statistical properties are tested, and the resistance of ASDF-FCSR-8 to the Hell-Johansson attack and other attacks is analysed. The results show that although SGDF-FCSR-8 has better statistical properties than the FCSR-based stop-and-go generator, it still fails some of the pseudo-randomness tests, whereas ASDF-FCSR-8 keeps the large period, high linear complexity and good statistical properties of the alternating-step generator while improving throughput.
     5. The lightweight authentication algorithm SQUASH used in RFID environments is studied, and an FCSR-based improvement of standard SQUASH, SQUASH+, is proposed; it computes the response more efficiently while preserving security. Combining SQUASH+ with the properties of FCSR-based stream ciphers, a lightweight hybrid algorithm, SQUASH+DF-FCSR, is proposed that couples authentication with the fully dynamic filtered keystream generator. It uses the FCSR as the data generator for the authentication computation, so that completing authentication also completes the initialisation of the stream cipher, after which encryption proceeds; the same FCSR register thus serves both authentication and encryption, saving space and improving efficiency. The result is a practical lightweight authentication-and-encryption hybrid for RFID environments.
     The keystream generators designed in this thesis can be used in resource-constrained environments such as sensor networks, ad hoc wireless networks and RFID.
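The following Python example is added here to make the claims above concrete; it is not code from the thesis. It implements a Fibonacci-mode FCSR and an LFSR of the same register length, measures period and linear complexity with the Berlekamp-Massey algorithm, and then drives Günther's alternating-step construction with three FCSRs in place of LFSRs, as the clock-controlled generator of result 3 does. The connection integers 19, 37 and 13, the tap positions, the initial states and the sequence lengths are toy values chosen for this example (2 is a primitive root modulo each of them, so every non-degenerate state cycle has period q - 1); the thesis's own parameters, lower bounds and filter designs are not reproduced.

```python
"""FCSR versus LFSR, plus an alternating-step generator driven by FCSRs.
Added example, not code from the thesis.  The connection integers 19, 37 and
13 are toy values (2 is a primitive root modulo each, so non-degenerate state
cycles are l-sequences of period q - 1); real designs use q of 128+ bits, and
the thesis's own parameters and filters are not reproduced here."""
from typing import List, Sequence


class FCSR:
    """Fibonacci-mode feedback-with-carry shift register (Klapper-Goresky).
    q + 1 = sum(2**t for t in taps).  A step adds the tapped cells and the
    carry m as integers: low bit -> new cell, the rest -> new carry.  The
    output is the 2-adic expansion of some -p/q, so its period divides the
    multiplicative order of 2 modulo q."""

    def __init__(self, taps: Sequence[int], init: Sequence[int], carry: int = 0):
        self.taps = tuple(taps)
        self.cells = list(init)   # cells[t-1] holds a_{n-t}; len(init) == max(taps)
        self.m = carry

    @property
    def q(self) -> int:
        return sum(1 << t for t in self.taps) - 1

    def clock(self) -> int:
        s = self.m + sum(self.cells[t - 1] for t in self.taps)
        out, self.m = s & 1, s >> 1
        self.cells = [out] + self.cells[:-1]
        return out


class LFSR:
    """Fibonacci LFSR over GF(2): s_n = XOR of s_{n-t} for t in taps."""

    def __init__(self, taps: Sequence[int], init: Sequence[int]):
        self.taps, self.cells = tuple(taps), list(init)

    def clock(self) -> int:
        out = 0
        for t in self.taps:
            out ^= self.cells[t - 1]
        self.cells = [out] + self.cells[:-1]
        return out


class AlternatingStep:
    """Günther's alternating-step generator with FCSRs in place of LFSRs: the
    control bit selects which data register advances; the output is the XOR
    of the data registers' most recent bits (the idle one repeats its bit)."""

    def __init__(self, control: FCSR, a: FCSR, b: FCSR):
        self.control, self.a, self.b = control, a, b

    def clock(self) -> int:
        (self.a if self.control.clock() else self.b).clock()
        return self.a.cells[0] ^ self.b.cells[0]


def run(gen, n: int) -> List[int]:
    return [gen.clock() for _ in range(n)]


def linear_complexity(s: Sequence[int]) -> int:
    """Berlekamp-Massey over GF(2): length of the shortest LFSR producing s.
    Exact for a periodic sequence once len(s) is at least twice its period."""
    n = len(s)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = s[i]
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d == 0:
            continue
        t, shift = c[:], i - m
        for j in range(n + 1 - shift):
            c[j + shift] ^= b[j]
        if 2 * L <= i:
            L, m, b = i + 1 - L, i, t
    return L


def period(s: Sequence[int]) -> int:
    """Smallest p with s[i] == s[i+p] across the window; exact if len(s) >= 2p."""
    for p in range(1, len(s)):
        if all(s[i] == s[i + p] for i in range(len(s) - p)):
            return p
    return len(s)


def compare_fcsr_lfsr() -> dict:
    """Length-4 FCSR (q = 19, taps 2 and 4) against a length-4 LFSR with the
    primitive polynomial x^4 + x^3 + 1: same register size, different period
    and linear complexity."""
    fcsr = FCSR(taps=(2, 4), init=(1, 0, 0, 0))
    f = run(fcsr, 72)
    l = run(LFSR(taps=(1, 4), init=(1, 0, 0, 0)), 60)
    return {"q": fcsr.q,
            "fcsr_period": period(f), "fcsr_lc": linear_complexity(f[:36]),
            "lfsr_period": period(l), "lfsr_lc": linear_complexity(l[:30])}


def alternating_step_demo(n: int = 500) -> List[int]:
    """Control q = 13 (period 12 with exactly six ones), data q = 19 and 37."""
    gen = AlternatingStep(control=FCSR((1, 2, 3), (1, 0, 0)),
                          a=FCSR((2, 4), (1, 0, 0, 0)),
                          b=FCSR((1, 2, 5), (1, 0, 0, 0, 0)))
    return run(gen, n)


if __name__ == "__main__":
    print(compare_fcsr_lfsr())
    out = alternating_step_demo()[200:]   # drop any transient first
    print("ASG period:", period(out), "linear complexity:", linear_complexity(out))
```

Running it shows the four-cell FCSR with q = 19 reaching period 18 and linear complexity 10, while the four-cell LFSR is capped at period 15 and linear complexity 4; the linear complexity of the FCSR output is not bounded by its register length, which is the property the thesis relies on. For the alternating-step output the period of the joint state necessarily divides 72 with these toy parameters, because the control register's 12-bit cycle contains exactly six ones, so each data register is clocked six times per control period; the printed linear complexity is what Berlekamp-Massey finds on a 300-bit window after the transient.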
Abstract (English)
Feedback with Carry Shift Registers (FCSRs) have a structure similar to Linear Feedback Shift Registers (LFSRs), but because their feedback uses addition with carry, the sequences they generate have high linear complexity. Designing stream ciphers from non-linear components is now the common approach, so FCSRs, as an important non-linear component, play a key role in stream cipher design.
     This thesis focuses on using FCSRs as keystream generators in stream ciphers. First, based on the properties of FCSRs, we study the keystream generator F-FCSR-Hv2 and improve it in two ways, proposing two generators: the Combined F-FCSR keystream generator and the dynamic filtered keystream generator DF-FCSR-8. Next, we use FCSRs instead of LFSRs in clock-controlled generators, which then show better properties than their LFSR-based counterparts. Combining the dynamic filtered generator with the clock-controlled generators, we build a new type of keystream generator. Finally, targeting Radio Frequency Identification (RFID) and the lightweight authentication scheme SQUASH, we present a new FCSR-based authentication scheme, SQUASH+, and a scheme for both authentication and encryption, SQUASH+DF-FCSR, which combines SQUASH+ with the lightweight DF-FCSR.
The main results of this thesis are as follows:
     1. Based on the properties of the F-FCSR-Hv2 generator and an analysis of the Hell-Johansson attack, an effective attack on F-FCSR-Hv2, an improved filtered FCSR generator called the Combined F-FCSR generator is presented. It keeps a high output rate and good properties at the cost of additional registers, and resists the Hell-Johansson attack and other attacks.
     2. A new generator, the dynamic filtered generator DF-FCSR-8, is proposed. It applies a dynamic filter to the FCSR's main register instead of the original static one. Because the filter changes at every step, the attacker cannot collect enough linear equations, so the generator resists the Hell-Johansson attack. Further analysis indicates that DF-FCSR-8 withstands correlation attacks, algebraic attacks and other attacks, and testing shows that it has good statistical properties.
     3. Using FCSRs instead of LFSRs to construct clock-controlled generators, two generators are proposed: an FCSR-based Stop-and-Go generator and an FCSR-based Alternating Step generator. The thesis gives their parameters, the period of the generated sequences, a lower bound on their linear complexity, their resistance to the Hell-Johansson attack and other attacks, and their statistical properties. The results show that the Stop-and-Go generator has a large period and a high lower bound on linear complexity but weaker statistical properties, while the Alternating Step generator has a large period, a high lower bound on linear complexity, good statistical properties, and resists the Hell-Johansson attack and other attacks.
     4. By combining the dynamic filtered generator with the clock-controlled generators, two generators, SGDF-FCSR-8 and ASDF-FCSR-8, are developed. The former combines the Stop-and-Go generator with the dynamic filtered generator; the latter combines the Alternating Step generator with the dynamic filtered generator. The thesis gives their parameters, the period of the generated sequences, a lower bound on linear complexity and their resistance to the Hell-Johansson attack and other attacks, and tests the statistical properties of both. Although SGDF-FCSR-8 has better statistical properties than the Stop-and-Go generator, it does not pass all the tests, whereas ASDF-FCSR-8 improves the output rate while keeping the large period of the Alternating Step generator, a high lower bound on linear complexity and good statistical properties.
     5. Through an investigation of SQUASH, a lightweight authentication scheme for RFID environments, an improved FCSR-based version of standard SQUASH called SQUASH+ is given. It completes the response computation much more efficiently while preserving security. Then, combining SQUASH+ with the properties of FCSR-based stream ciphers, the thesis gives a lightweight scheme named SQUASH+DF-FCSR that uses the FCSR as the data generator: the authentication computation also initialises the keystream generator, which then encrypts the data. The FCSR serves both authentication and encryption, which makes the scheme more efficient and reduces its memory use. It is a practical lightweight scheme combining authentication and encryption for RFID environments.
     The keystream generators proposed in this thesis can be used in resource-constrained environments such as sensor networks, ad hoc wireless networks and RFID.
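The following Python example is added for this page and is not taken from the thesis or from Shamir's SQUASH specification. It shows the computational core that SQUASH, SQUASH+ and SQUASH+DF-FCSR all build on: the tag answers a reader's challenge with a window of bits of x^2 mod N, where N = 2^k - 1 is a Mersenne number and x is a keyed non-linear mix of the secret key and the challenge, and the reader recomputes the same window and compares. The modulus 2^127 - 1 (SQUASH proposes 2^1277 - 1), the 32-bit window at offset 48, and the SHA-256-based mixer are stand-ins chosen for the example; the thesis uses an FCSR as the mixer and the original SQUASH uses its own non-linear mixing, neither of which is reproduced here.

```python
"""SQUASH-style challenge-response core: Rabin squaring modulo a Mersenne
number, with a window of the result as the response.
Added illustration; modulus size, window and mixer are example choices, not
the parameters of SQUASH, SQUASH+ or SQUASH+DF-FCSR."""
import hashlib
import hmac
import secrets
from typing import Tuple

K = 127                              # example modulus size; SQUASH proposes 2^1277 - 1
N = (1 << K) - 1                     # Mersenne modulus N = 2^K - 1
WINDOW_OFFSET, WINDOW_LEN = 48, 32   # which bits of x^2 mod N are sent (example values)


def mersenne_square(x: int, k: int = K) -> int:
    """x^2 mod (2^k - 1) without a general division.

    Because 2^k == 1 (mod 2^k - 1), the 2k-bit square splits into a high and
    a low k-bit half that are simply added; two folds bring the sum below
    2^k, and the one remaining non-canonical value 2^k - 1 is 0.  This is the
    operation a tag must afford; SQUASH makes it cheap by computing only the
    window bits, which this full version does not attempt.
    """
    mask = (1 << k) - 1
    sq = x * x
    r = (sq & mask) + (sq >> k)
    r = (r & mask) + (r >> k)
    return 0 if r == mask else r


def mix(key: bytes, challenge: bytes) -> int:
    """Keyed non-linear mixing of key and challenge into an element of Z_N.

    Stand-in for the example only: SQUASH specifies its own mixer and the
    thesis replaces it with an FCSR; a hash is used here so the block runs.
    """
    digest = hashlib.sha256(b"squash-demo-mix" + key + challenge).digest()
    return int.from_bytes(digest, "big") % N


def respond(key: bytes, challenge: bytes) -> int:
    """Tag side: window of bits of mix(key, challenge)^2 mod N."""
    y = mersenne_square(mix(key, challenge))
    return (y >> WINDOW_OFFSET) & ((1 << WINDOW_LEN) - 1)


def verify(key: bytes, challenge: bytes, response: int) -> bool:
    """Reader side: recompute the window and compare in constant time."""
    expected = respond(key, challenge).to_bytes(WINDOW_LEN // 8, "big")
    try:
        got = response.to_bytes(WINDOW_LEN // 8, "big")
    except OverflowError:            # response outside the window size
        return False
    return hmac.compare_digest(expected, got)


def demo_exchange(key: bytes) -> Tuple[bytes, int, bool]:
    """One reader/tag round: fresh random challenge, response, verdict."""
    challenge = secrets.token_bytes(8)    # reader -> tag
    response = respond(key, challenge)    # tag -> reader
    return challenge, response, verify(key, challenge, response)


if __name__ == "__main__":
    print(demo_exchange(b"example-tag-key"))
```

The security argument of SQUASH rests on the squaring step, not on the mixer: recovering x from a window of x^2 mod N is as hard as the Rabin problem for that N, so the mixer only has to make x unpredictable from the challenge; that is why the thesis can swap in an FCSR there and, in SQUASH+DF-FCSR, leave the register in a state that also seeds the keystream generator. The fresh challenge per round is what stops replay.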