Re: Criticism of a proposed stream cipher requested.



Francois Grieu <fgrieu@xxxxxxxxx> writes:
I suspect that there might be ways to trade abundance of known
plaintext against less time and/or memory; or perhaps a much more
devastating attack. But I fail to pinpoint that right now.

Isn't this a trivial linear algebra problem? Let K1...K100 be the
unknown key bits. Let P1...P100 be the known plaintext. Let C1,C2....
be the ciphertext. Let Si,j be the j'th bit of the square root of i.
So

Cn = K1*S1,n + K2*S2,n + ... + K100*S100,n + Pn

where the multiplication is in GF(2). Solve simultaneous equations to
get K. Am I misunderstanding the question and/or overlooking something
silly?
.