Re: Simple balanced pair-wise function

From: Tom St Denis (tomstdenis_at_iahu.ca)
Date: 07/25/04


Date: Sun, 25 Jul 2004 14:56:29 GMT

Mok-Kong Shen wrote:

> Provided that both A and B are uniform (and not correlated
> with each other somehow), I don't see where the 'leak' is.

You know the xor of two bits of the LFSR state. By your logic the following
LFSR cipher is secure.

a = lfsr();
b = lfsr();
ciphertext = plaintext xor (a xor b)

Which it most certainly is not.

Tom
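
Added example, not part of the original post: the XOR of two LFSR bits is still a linear function of the register state, so the combined keystream obeys a linear recurrence no longer than the register, which Berlekamp-Massey recovers from a short run of keystream. The 16-bit Galois LFSR with mask 0xB400, the seed 0xACE1 and all function names are assumptions made for this illustration; the post does not specify lfsr().

```python
# Added illustration, not code from the post. Assumed: a 16-bit Galois LFSR
# (feedback mask 0xB400) stands in for the post's unspecified lfsr().
MASK, SEED = 0xB400, 0xACE1  # constructed sample parameters

def keystream(seed, n):
    """n bits of the post's keystream: each bit is (a xor b) of two LFSR steps."""
    state, out = seed, []
    for _ in range(n):
        z = 0
        for _ in range(2):            # a = lfsr(); b = lfsr();
            lsb = state & 1
            state >>= 1
            if lsb:
                state ^= MASK
            z ^= lsb
        out.append(z)
    return out

def berlekamp_massey(bits):
    """Shortest linear recurrence over GF(2) producing bits: returns (L, c)."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = bits[i]                   # discrepancy vs. current recurrence
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t, shift = c[:], i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def demo(known=64, unseen=200):
    """Fit a recurrence to `known` keystream bits, then extend it."""
    ks = keystream(SEED, known + unseen)
    L, c = berlekamp_massey(ks[:known])
    seq = ks[:known]
    for _ in range(unseen):           # z[i] = xor of c[j] & z[i-j], j = 1..L
        nxt = 0
        for j in range(1, L + 1):
            nxt ^= c[j] & seq[-j]
        seq.append(nxt)
    return L, seq[known:] == ks[known:]

if __name__ == "__main__":
    print(demo())
```

The recovered recurrence has the same length as the register, which is why a keystream generator needs a nonlinear combining or filtering step rather than another XOR.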


