Re: Self-shrinking MT19937 as stream cipher
- From: Peter Pearson <ppearson@xxxxxxxxxxxxxxx>
- Date: Thu, 28 Sep 2006 15:13:57 GMT
On 28 Sep 2006 12:38:48 +0200, Cristiano <cristiano.pi@xxxxxxxxxx> wrote:
> The Berlekamp-Massey algorithm shows that the linear complexity of any bit
> of the MT19937 is 19937; this means that taking the LSB of MT19937 is
> equivalent to using a 19937-bit LFSR (also see a recent post on
> sci.crypt.random-numbers).
> In the paper "The Self-Shrinking Generator", Meier and Staffelbach showed
> that the complexity of the attack for an N-bit self-shrinking LFSR is
> O(2^(0.69*N)).
> Using the LSB of MT19937 to get a self-shrinking generator, we get an attack
> complexity of O(2^13757), which seems much bigger than that of any stream
> cipher.
> Why not use an MT19937-based self-shrinking generator as a stream cipher?
Although a low linear complexity is proof of insecurity, a high linear
complexity is *not* proof of security. It's similar to period length.
--
To email me, substitute nowhere->spamcop, invalid->net.
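A small worked illustration of the objects discussed in this exchange, added here as an example; it is not part of the original thread and not code from either poster. A 16-bit LFSR stands in for the LSB stream that the question says behaves like a 19937-bit LFSR, Berlekamp-Massey measures linear complexity, and the self-shrinking step is layered on top. The feedback polynomial (x^16 + x^14 + x^13 + x^11 + 1), the start state and the bit counts are choices made for this example. The last function makes the reply's point concrete: a trivially predictable sequence can have linear complexity equal to its period, so a large Berlekamp-Massey result by itself rules nothing out.

```python
# Added example for this thread, not code from the original post.
import random


def lfsr_bits(exponents, degree, state, count):
    """Fibonacci LFSR over GF(2) with characteristic polynomial
    x^degree + sum(x^e for e in exponents).

    `state` holds the first `degree` sequence bits (oldest first).
    Returns the first `count` output bits.
    """
    s = list(state)
    assert len(s) == degree and any(s), "state must be non-zero and full length"
    out = []
    for _ in range(count):
        out.append(s[0])
        new = 0
        for e in exponents:           # s_{i+degree} = XOR of s_{i+e}
            new ^= s[e]
        s = s[1:] + [new]
    return out


def berlekamp_massey(bits):
    """Linear complexity of a GF(2) sequence: the length of the shortest
    LFSR that reproduces it.  Textbook Berlekamp-Massey, O(len(bits)^2)."""
    n = len(bits)
    c = [0] * (n + 1)            # current connection polynomial
    b = [0] * (n + 1)            # polynomial before the last length change
    c[0] = b[0] = 1
    L, m = 0, -1                 # L = current complexity, m = index of last change
    for i in range(n):
        d = bits[i]              # discrepancy between prediction and bit i
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            shift = i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L


def self_shrink(bits):
    """Self-shrinking generator (Meier-Staffelbach): read the stream in
    pairs (a, b); output b when a == 1, discard the pair otherwise."""
    out = []
    for k in range(0, len(bits) - 1, 2):
        if bits[k]:
            out.append(bits[k + 1])
    return out


def mt19937_lsb_bits(count, seed=12345):
    """LSB of successive 32-bit MT19937 outputs (Python's random is MT19937).
    Running berlekamp_massey on it needs >= 2 * 19937 bits and quadratic
    time, which this pure-Python version does slowly, so it is not run here."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) & 1 for _ in range(count)]


# Constructed parameters for the example: the primitive polynomial
# x^16 + x^14 + x^13 + x^11 + 1 (period 2^16 - 1) and an arbitrary start state.
TAPS, DEGREE = (14, 13, 11, 0), 16
STATE = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 1]


def lfsr_linear_complexity(nbits=64):
    """With at least 2*DEGREE bits, BM recovers exactly DEGREE (16 here)."""
    return berlekamp_massey(lfsr_bits(TAPS, DEGREE, STATE, nbits))


def self_shrunk_linear_complexity(nbits=2000):
    """Linear complexity of the self-shrunk prefix, far above the 16 of
    the underlying register (roughly half the shrunk length is typical)."""
    return berlekamp_massey(self_shrink(lfsr_bits(TAPS, DEGREE, STATE, nbits)))


def spike_sequence_complexity(period, repeats=3):
    """The sequence 0...01 repeated is predictable by inspection, yet its
    linear complexity equals `period`: high complexity is not security."""
    return berlekamp_massey(([0] * (period - 1) + [1]) * repeats)


if __name__ == "__main__":
    print("LFSR:", lfsr_linear_complexity())
    print("self-shrunk LFSR:", self_shrunk_linear_complexity())
    print("0...01 spike, period 20:", spike_sequence_complexity(20))
```

The self-shrunk value reported is the complexity of a finite prefix, which Berlekamp-Massey can only bound from below; it does not verify the 2^(0.69*N) attack figure quoted in the question, and the spike sequence shows why such a number by itself is no argument for security.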