
A COMPARISON OF CRYPTANALYTIC PRINCIPLES BASED ON ITERATIVE ERROR-CORRECTION

Miodrag J. Mihaljević and Jovan Dj. Golić
Institute of Applied Mathematics and Electronics, Belgrade
School of Electrical Engineering, University of Belgrade
Bulevar Revolucije 73, 11001 Beograd, Yugoslavia

D.W. Davies (Ed.): Advances in Cryptology - EUROCRYPT '91, LNCS 547, pp. 527-531, 1991. © Springer-Verlag Berlin Heidelberg 1991

ABSTRACT: A cryptanalytic problem of a linear feedback shift register initial state reconstruction using a noisy output sequence is considered. The main underlying principles of three recently proposed cryptanalytic procedures based on the iterative error-correction are pointed out and compared.

I. INTRODUCTION

A weakness of a class of running key generators for stream ciphers is demonstrated in [1], and fast algorithms for the cryptanalysis are proposed in [2]-[7] having origins in [8]. In this paper the main underlying principles for the algorithms [2]-[6] are analyzed. The following three principles are considered:

P.1: Error-correction is based on the number of satisfied parity-checks.

P.2: Error-correction is based on the estimation of the relevant posterior probabilities obtained by using the average posterior probability estimated in the previous iteration as the prior probability in the current iteration.

P.3: Error-correction is based on the estimation of the relevant posterior probabilities obtained by using the posterior probabilities estimated in the previous iteration as the prior probabilities in the current iteration.

II. ALGORITHMS

In this section three algorithms corresponding to the principles P.1-P.3 are specified. Algorithm P.1 is the algorithm proposed in [3]. Algorithm P.2 could be regarded as a simplification of the Algorithm [4]. Algorithm P.3 could be seen as a simplification/modification of the Algorithm B [2].

Denote by {x_n}, n=1,2,...,N, an output segment of a linear feedback shift register (LFSR) of length L with w feedback taps. In a statistical model, a binary noise sequence {e_n}, n=1,2,...,N, is assumed to be a realization of a sequence of i.i.d. binary variables {E_n} such that Pr(E_n = 1) = p, n=1,2,...,N. Let {z_n} be a noisy version of {x_n} defined by

$z_n = x_n \oplus e_n, \quad n = 1, 2, \ldots, N. \quad (1)$

The problem under consideration is a reconstruction of the LFSR initial state based on the principles P.1-P.3 assuming that the segment {z_n}, n=1,2,...,N, the LFSR characteristic polynomial, and the parameter p are known. For the comparison purposes we assume that all the algorithms are based on the parity-checks defined as follows.

Definition: Π_n = {π_k(n)}, k=1,2,...,|Π_n|, is a set of orthogonal parity-checks related to the n-th bit that are generated according to the characteristic polynomial multiples as in [2]-[3], n=1,2,...,N. Let

$c_k(n) = \sum_{m \in \pi_k(n)} z_m \bmod 2, \quad k = 1, 2, \ldots, |\Pi_n|, \; n = 1, 2, \ldots, N, \quad (2)$

where |Π_n| denotes the cardinality of Π_n. Assume that c_k(n) is a realization of a binary random variable C_k(n), k=1,2,...,|Π_n|, n=1,2,...,N. Let Pr(E_n, {C_k(n)}, k=1,2,...,|Π_n|) be the joint probability of the variables E_n and C_k(n), k=1,2,...,|Π_n|, and let Pr(E_n | {C_k(n)}, k=1,2,...,|Π_n|) be the corresponding posterior probability, n=1,2,...,N.

The following steps are identical for all the algorithms:

Initialization: i = 0, I = const, p(0) = p.

1: Set i ← i + 1. If i > I go to the last step.

2: Calculate c_k(n), k=1,2,...,|Π_n|, n=1,2,...,N.

ALGORITHM P.1 [3]:

3: Calculate $t_n = |\Pi_n| - 2 \sum_{k=1}^{|\Pi_n|} c_k(n)$, n=1,2,...,N.

4: If t_n < 0, set z_n ← z_n ⊕ 1, n=1,2,...,N. Go to 1.

5: Stop the procedure.
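As an added illustration (not the paper's code), the following Python carries the noise model (1), the orthogonal parity-checks of the Definition and Algorithm P.1 through on a toy LFSR: it assumes the characteristic polynomial x^7 + x + 1 and its square as the polynomial multiples, a 200-bit segment and a constructed error pattern, none of which come from the paper's L=47 experiment.

```python
# Added example, not the paper's code. Toy LFSR with characteristic polynomial
# x^7 + x + 1 (assumed; the paper's experiment used L=47 with taps 5 and 47),
# given as its exponent tuple. Its square x^14 + x^2 + 1 is a polynomial
# multiple, so both yield parity-checks that every LFSR output satisfies.
POLY = (0, 1, 7)
MULTIPLES = [POLY, tuple(2 * d for d in POLY)]

def lfsr_sequence(state, n, poly=POLY):
    """x_i = XOR of x_{i-L+d} over the lower exponents d of poly (L = poly[-1])."""
    L = poly[-1]
    x = list(state)                        # initial state: L bits, oldest first
    for i in range(L, n):
        x.append(sum(x[i - L + d] for d in poly[:-1]) % 2)
    return x[:n]

def parity_checks(n, N, multiples=MULTIPLES):
    """Pi_n: for each multiple D and each role d0 in D, positions {n - d0 + d}.
    Only checks inside [0, N) are kept, so bits near the ends get fewer checks."""
    checks = []
    for D in multiples:
        for d0 in D:
            pos = tuple(n - d0 + d for d in D)
            if min(pos) >= 0 and max(pos) < N:
                checks.append(pos)
    return checks

def p1_iteration(z, checks):
    """Steps 2-4 of Algorithm P.1 on z in place: c_k(n) = XOR of z over check k,
    t_n = |Pi_n| - 2*sum_k c_k(n); flip z_n when t_n < 0. Returns the flip count."""
    unsat = [sum(sum(z[m] for m in chk) % 2 for chk in checks[n]) for n in range(len(z))]
    to_flip = [n for n in range(len(z)) if len(checks[n]) - 2 * unsat[n] < 0]
    for n in to_flip:                           # every t_n used the pre-flip z
        z[n] ^= 1
    return len(to_flip)

def residual_errors(x, e, max_iter=10):
    """Run P.1 on z = x XOR e (noise model (1)); return the number of residual
    errors after each iteration, the quantity tabulated in the paper."""
    z = [xi ^ ei for xi, ei in zip(x, e)]
    checks = [parity_checks(n, len(x)) for n in range(len(x))]
    trace = []
    for _ in range(max_iter):                   # I = max_iter
        flipped = p1_iteration(z, checks)
        trace.append(sum(zi != xi for zi, xi in zip(z, x)))
        if flipped == 0:                        # the run has settled
            break
    return trace

if __name__ == "__main__":
    N = 200
    x = lfsr_sequence([1, 0, 0, 1, 1, 0, 1], N)
    e = [1 if i in (40, 90, 150) else 0 for i in range(N)]  # constructed noise
    print(residual_errors(x, e))                # [0, 0]
```

With isolated errors every check on the wrong bit fails while its neighbours see a single failure, so one pass repairs them; bits near the segment ends hold only one or two checks, which is where P.1 can flip correct bits once i.i.d. noise replaces the constructed pattern.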

ALGORITHM P.2:

3: Calculate the posterior probabilities p_n(i) = Pr(E_n = 1 | {c_k(n)}, k=1,2,...,|Π_n|), n=1,2,...,N, taking the average p(i-1) from the previous iteration as the prior probability of every bit (principle P.2). (3)

4: If p_n(i) > 0.5, set z_n ← z_n ⊕ 1 and p_n(i) ← 1 - p_n(i), n=1,2,...,N.

5: Calculate $p(i) = \frac{1}{N} \sum_{n=1}^{N} p_n(i)$. Go to 1.

6: Stop the procedure.

ALGORITHM P.3:

3: Calculate the posterior probabilities p_n(i), n=1,2,...,N, taking the individual probabilities p_m(i-1) from the previous iteration as the prior probabilities (principle P.3), where $\bar{c}_k(n) = 1 - c_k(n)$ and, for any parity-check π_k(n),

$p_k(n) = \frac{1}{2}\Big[1 - \prod_{j=1}^{w} (1 - 2 p_{m_j})\Big], \quad k = 1, 2, \ldots, |\Pi_n|, \; n = 1, 2, \ldots, N, \quad (6)$

where {m_j}, j=1,2,...,w, denotes the set of indices of the other bits involved in the parity-check π_k(n).

4: If p_n(i) > 0.5, set z_n ← z_n ⊕ 1 and p_n(i) ← 1 - p_n(i), n=1,2,...,N.

5: Set p_n ← p_n(i), n=1,2,...,N. Go to 1.

6: Stop the procedure.

III. EXPERIMENTAL RESULTS

The experiments are realized using an LFSR of length 47 with 2 feedback taps on the stages 5 and 47, when the observed sequence is of length N = 10^5. The following self-explanatory table presents the experimental results. According to the experimental investigations, all the algorithms could work when the noise is under a limit which is a function of the observed sequence length. For higher noise, Algorithm P.1 is the first to fail, and Algorithm P.3 is the last one to fail.

Table: The number of residual errors as a function of the iteration step for Algorithms P.1-P.3 and the noise p1 = 0.400, p2 = 0.425 and p3 = 0.435 (columns: # of residual errors in Algorithm P.1, P.2 and P.3 for p = p1, p2, p3; "-" marks a cell the table leaves empty).

 iter  P.1/p1  P.1/p2  P.1/p3    P.2/p1  P.2/p2  P.2/p3    P.3/p1  P.3/p2  P.3/p3
    1   40357   44440   45774     37728   41693   43077     37728   41693   43077
    2   40383   45868   47301     35734   41397   43015     34462   40943   42712
    3   39343   46758   48388     33477   41002   42934     30249   40194   42397
    4   36610   47147   48566     30400   40659   42814     24943   39270   42211
    5   31750   47468   48763     26130   40259   42821     15333   38191   41977
    6   23614   47779   48626     19808   39827   42657      5719   36618   41796
    7   13714   47610   48699     11850   39214   42522      1484   34849   41376
    8    6246   47530   48817      6315   38544   42423       117   32711   41133
    9    1820   47736   48667      3184   38935   42359         2   30097   40768
   10     230   47606   48699       717   38661   42335         0   26603   40515
   11       0   47528   48704        13   38432   42347         -   22190   40156
   12       -   47574   48820         0   38216   42346         -   16766   39918
   13       -   47478   48962         -   38028   42326         -   11810   39579
   14       -   47532   48854         -   37870   42337         -    8403   39307
   15       -   47551   48878         -   37688   42315         -    6110   39033
   16       -   47466   48822         -   37505   42344         -    4006   38755
   17       -   47578   48852         -   37320   42344         -    2198   38420
   18       -   47613   48623         -   37127   42358         -     831   38079
   19       -       -   48790         -   36940   42348         -     139   37718
   20       -       -   48704         -   36661   42340         -       0   37277
   21       -       -   48800         -   36304   42338         -       -   36800
   22       -       -   48776         -   35838   42340         -       -   36235
   23       -       -   48785         -   35225   42343         -       -   35655
   24       -       -   48763         -   34429   42349         -       -   35003
   25       -       -   48862         -   33569   42351         -       -   34262
   26       -       -   48762         -   32504   42356         -       -   32350
   27       -       -   48835         -   31189   42350         -       -   31183
   28       -       -   48818         -   29703   42353         -       -   29750
   29       -       -   48893         -   28146   42355         -       -   28273
   30       -       -   48805         -   26409   42352         -       -   25309
   31       -       -   48833         -   24191   42352         -       -   23818
   32       -       -   48816         -   21280   42352         -       -   22280
   33       -       -   48835         -   18105   42358         -       -   20518
   34       -       -   48789         -   15042   42360         -       -   18441
   35       -       -   48801         -   12245   42360         -       -   15922
   36       -       -       -         -    9443   42360         -       -   12801
   37       -       -       -         -    7080   42360         -       -    9685
   38       -       -       -         -    5197   42360         -       -    7140
   39       -       -       -         -    3446   42360         -       -    5337
   40       -       -       -         -    1910   42360         -       -    3837
   41       -       -       -         -     745   42360         -       -    2604
   42       -       -       -         -     122   42360         -       -    1317
   43       -       -       -         -       0       -         -       -     329
   44       -       -       -         -       -       -         -       -       3
   45       -       -       -         -       -       -         -       -       0

IV. CONCLUSIONS

A cryptanalytic problem of a LFSR initial state reconstruction using the noisy output sequence is considered. The main underlying principles of the cryptanalytic algorithms based on the iterative error-correction, recently proposed in [2]-[6], are compared. The three corresponding algorithms, named Algorithms P.1-P.3, are specified and analyzed. Let an iteration cost be an equivalent of the iteration cycle complexity and a reconstruction cost be a product of the iteration cost and the number of iterations needed for the reconstruction. The main complexity difference between the algorithms is in the third step. Note that, for a given |Π_n|, the probability (3) depends only on $s_n = \sum_{k=1}^{|\Pi_n|} c_k(n)$, instead of the individual parity-checks c_k(n). Accordingly, it can be shown that the complexity of Algorithm P.3 is considerably greater than the complexities of both Algorithms P.1 or P.2. According to the experimental results and the complexity analysis, we have the following heuristic conclusions:

- When the noise is lower than the limit below which all the algorithms work, Algorithm P.1 yields the minimum reconstruction cost.

- In the case of higher noise when Algorithm P.1 fails and both Algorithms P.2 and P.3 work, it is better to use Algorithm P.2 because of the lower reconstruction cost.

- Finally, when Algorithm P.3 works and Algorithms P.1 and P.2 both fail, in order to minimize the reconstruction cost the following procedure could be used: make the initial error-rate reduction using Algorithm P.3, and after the certain points change the running algorithm by Algorithms P.2 and P.1, respectively.

REFERENCES

[1] T. Siegenthaler, "Decrypting a Class of Stream Ciphers Using Ciphertext Only", IEEE Trans. Comput., vol. C-34, Jan. 1985, pp. 81-85.

[2] W. Meier, O. Staffelbach, "Fast Correlation Attacks on Certain Stream Ciphers", Journal of Cryptology, vol. 1, 1989, pp. 159-176.

[3] K. Zeng, M. Huang, "On the Linear Syndrome Method in Cryptanalysis", Lecture Notes in Computer Science, Advances in Cryptology - CRYPTO '88, vol. 405, pp. 469-478, Springer-Verlag, 1990.

[4] M. Mihaljević, J. Golić, "A Fast Iterative Algorithm for a Shift Register Initial State Reconstruction Given the Noisy Output Sequence", Lecture Notes in Computer Science, Advances in Cryptology - AUSCRYPT '90, vol. 453, pp. 165-175, Springer-Verlag, 1990.

[5] K. Zeng, C.H. Yang, T.R.N. Rao, "An Improved Linear Syndrome Algorithm in Cryptanalysis with Applications", to appear in Lecture Notes in Computer Science, Advances in Cryptology - CRYPTO '90.

[6] V. Chepyzhov, B. Smeets, "On a Fast Correlation Attack on Stream Ciphers", EUROCRYPT '91.

[7] M. Živković, "An Analysis of Linear Recurrent Sequences over the Field GF(2)", Ph.D. thesis, University of Belgrade, 1990.

[8] R.G. Gallager, "Low-Density Parity-Check Codes", IRE Trans. Inform. Theory, vol. IT-8, Jan. 1962, pp. 21-28.