A Proposed Keystream Generator Based on LFSRs
Adel M. Salman
Baghdad College for Economics Sciences
Journal of Baghdad College of Economic Sciences University, Issue 34, 2012

Abstract

A stream cipher is a system in which we feed a finite key in order to produce an infinite key stream for encrypting texts. Stream ciphers are used widely because of their security, speed, accuracy and high flexibility in use. Most of these systems are based on Linear Feedback Shift Registers in order to produce what is called a key stream, which must be pseudo-random numbers, owing to the Boolean functions used in the shift registers. In this paper we propose a key stream generator algorithm based on feedback shift registers.

Key words: Linear feedback shift registers, Boolean function, complexity of solving linear equations.

1- Introduction:

Stream ciphers are an important method for information encryption. A stream cipher is a symmetric cipher which operates with a time-varying transformation on individual plaintext digits. Stream ciphers typically encrypt data efficiently and have very low memory requirements, and are therefore cheaper to implement in constrained scenarios. Stream cipher techniques are usually best for cases where the amount of data is either unknown or continuous, such as network streams. A stream cipher generates what is called a keystream (a sequence of bits used as a key). Encryption is accomplished by combining the keystream with the plaintext, usually with the bitwise XOR operation. The generation of the keystream can be independent of the plaintext and ciphertext [1]. Stream ciphers have several advantages which make them suitable for some applications. Most notably, they are usually faster and have lower hardware complexity than block ciphers. They are also appropriate when buffering is limited, since the digits are individually encrypted and decrypted [2].

A synchronous stream cipher is one in which the keystream is generated independently of the plaintext message and of the ciphertext. The encryption process of a synchronous stream cipher can be described by the equations
$$\sigma_{i+1} = f(\sigma_i, k), \qquad z_i = g(\sigma_i, k), \qquad c_i = h(z_i, m_i)$$

where σ_0 is the initial state and may be determined from the key k, f is the next-state function, g is the function which produces the keystream z_i, and h is the output function which combines the keystream and the plaintext m_i to produce the ciphertext c_i. The encryption and decryption processes are depicted in Figure 1 [3].

Figure 1: General model of a synchronous stream cipher

2- Fundamental Concepts:

2-1- Linear Feedback Shift Registers (LFSRs):

LFSRs are used in many keystream generators due to their simplicity, but the inherent linearity of LFSRs is not sufficient to provide security for stream ciphers [2]. Linear feedback shift registers are used in many of the keystream generators that have been proposed in the literature. There are several reasons for this [3]:
1. LFSRs are well-suited to hardware implementation.
2. They can produce sequences of large period.
3. They can produce sequences with good statistical properties.
4. Because of their structure, they can be readily analyzed using algebraic techniques.

A good start is to use a Linear Feedback Shift Register (LFSR) for achieving a good distribution. The direct output of an LFSR is not a good keystream generator, since each symbol produced is simply a linear combination of
the previous symbols, and thus very easy to predict. Nevertheless, LFSRs are widely used components inside stream ciphers [5].

An LFSR is a device made up of registers, each able to hold one symbol at a time. The symbols are elements of a field F_q, over which we have chosen to define the LFSR. In stream cipher applications we often have q = 2 (the binary field) or some extension field of the binary field, q = 2^W, where W is the symbol size of the stream cipher. Initially we can think of an LFSR as a hardware construction, though it is very easy to implement in software as well. Thus we assume a system clock which is responsible for the timing of all events. Figure 2 shows a general LFSR, where the circles denote multiplication by the constant c_i and the summation node is the field addition operation. At each clocking of the LFSR the registers read a new symbol from their respective inputs, and as the registers are coupled in series, the symbols move forward one register at each clocking. The first register receives a new symbol which is a linear combination of the symbols found in the registers after the previous clocking. The exact linear combination used for producing the feedback symbol is determined by the feedback coefficients c_0, c_1, ..., c_l shown in Figure 2. Since we need the actual feedback connection c_0 to get any symbols into the register, one normally assumes c_0 = 1. As we do not need more registers than necessary to make the feedback connection work, we also assume c_l ≠ 0 and define the length of the LFSR to be l. At each time t ≥ 0 the device is clocked, and we obtain a new symbol s_t ∈ F_q at the output of the device. Due to the linear feedback, the symbols s_t will always fulfil the linear recurrence equation determined by the feedback coefficients [5].

Figure 2: General form of a Linear Feedback Shift Register (LFSR) of length L
Figure 3 below shows how the registers are shifted.

Figure 3: Shift Register

2-1-1- Polynomials: [6]

A polynomial f(x) is called irreducible if f(x) cannot be factored as a product of polynomials of smaller degree; otherwise it is called reducible (note that the definition of irreducible is closely related to the definition of prime numbers). Whether a polynomial is irreducible or not depends strongly on the ground field. For example, the polynomial x^2 + 1 is irreducible over the rationals but reducible over the complex numbers (x^2 + 1 = (x + i)(x − i)); over GF(2), the field relevant here, it is reducible as well, since x^2 + 1 = (x + 1)^2.

Let f(x) and g(x) be two polynomials with f(x) ≠ 0. Then there exists a unique representation of the form g(x) = q(x) f(x) + r(x) with degree(r(x)) < degree(f(x)).

Theorem: Let f(x) be an irreducible polynomial over GF(2) of degree L. Then there exists a smallest positive integer P such that the residue of x^P modulo f(x) is 1 (i.e. f(x) divides x^P − 1); moreover, P divides 2^L − 1. P is called the period of f(x). An irreducible polynomial with maximal period P = 2^L − 1 is called primitive. An LFSR sequence with a primitive feedback polynomial is called a maximal length shift register sequence (in short, m-sequence). (Note that this definition is justified by the fact that an LFSR of length L cannot produce a sequence of period greater than 2^L − 1.)
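The period and primitivity notions of the theorem above can be checked mechanically. The following Python is an added example, not code from the paper: it represents polynomials over GF(2) as integers, measures the period P of a feedback polynomial by clocking a register whose state is x^t mod f(x) until it returns to 1, and tests primitivity by checking that x has order exactly 2^L − 1 modulo f(x) (which also forces f(x) to be irreducible). The exponent-list notation of poly_from_exponents, the degree-4 polynomials and the run over the tap sets of Section 3 read as exponent lists are this example's own choices.

```python
# Added example (not from the paper): GF(2) polynomial arithmetic, the period
# of a feedback polynomial, and a primitivity test for Section 2-1-1.
# A polynomial is a Python int: bit i is set iff the coefficient of x^i is 1.


def poly_from_exponents(exps):
    """x^e1 + x^e2 + ... + 1; the constant term 1 is always included."""
    p = 1
    for e in exps:
        p ^= 1 << e
    return p


def poly_mulmod(a, b, f):
    """(a * b) mod f over GF(2); a must already be reduced modulo f."""
    deg = f.bit_length() - 1
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> deg) & 1:
            a ^= f
    return r


def poly_powmod(base, e, f):
    """base^e mod f over GF(2) by square-and-multiply."""
    r = 1
    while e:
        if e & 1:
            r = poly_mulmod(r, base, f)
        base = poly_mulmod(base, base, f)
        e >>= 1
    return r


def prime_factors(n):
    """Distinct prime factors by trial division; fast enough for 2^L - 1, L <= 43."""
    fs, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            fs.add(d)
            n //= d
        d += 1
    if n > 1:
        fs.add(n)
    return fs


def period(f):
    """Smallest P > 0 with x^P = 1 mod f (the 'period of f(x)' of the theorem),
    found by clocking an LFSR whose state is x^t mod f until it returns to 1.
    Small degrees only; the constant term must be 1, otherwise x is not invertible."""
    assert f & 1, "x divides f(x): no period"
    state, t = 1, 0
    while True:
        state = poly_mulmod(state, 2, f)   # multiply by x = one clock
        t += 1
        if state == 1:
            return t


def is_primitive(f):
    """True iff x has order exactly 2^L - 1 modulo f, L = deg f.
    Such an f is necessarily irreducible: GF(2)[x]/(f) has 2^L elements, and an
    element of order 2^L - 1 forces every non-zero element to be a unit."""
    L = f.bit_length() - 1
    if L < 1 or not f & 1:
        return False
    order = (1 << L) - 1
    if poly_powmod(2, order, f) != 1:       # x^(2^L - 1) must be 1
        return False
    return all(poly_powmod(2, order // p, f) != 1 for p in prime_factors(order))


if __name__ == "__main__":
    for exps in ([4, 1], [4, 3, 2, 1], [4, 2]):
        f = poly_from_exponents(exps)
        print(exps, "period", period(f), "primitive" if is_primitive(f) else "not primitive")
    # The tap sets of Section 3, read as exponent lists, beside two standard choices.
    for exps in ([29, 3], [31, 3], [37, 7, 3], [41, 11, 5], [43, 11, 3], [29, 2], [31, 3]):
        print(exps, "primitive" if is_primitive(poly_from_exponents(exps)) else "not primitive")
```

Of the three degree-4 polynomials, x^4 + x + 1 has period 15 and is primitive, x^4 + x^3 + x^2 + x + 1 is irreducible with period 5 (a divisor of 15, as the theorem requires), and x^4 + x^2 + 1 = (x^2 + x + 1)^2 is reducible, so its period 6 need not divide 15 at all. Any polynomial with an even number of terms, such as x^37 + x^7 + x^3 + 1, fails the test immediately because x + 1 divides it.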
2-2- Boolean Functions: [7]

A Boolean variable can only take two values: "False" = 0 and "True" = 1. A Boolean function (a function with Boolean arguments and Boolean values) can be described in two ways:
1) The Boolean description uses the operations AND, OR, NOT.
2) The algebraic description uses the operations XOR, AND; "XOR" corresponds to addition modulo 2 and "AND" corresponds to multiplication modulo 2.

Theorem: Every linear autonomous finite state machine A = (S, GF(2), f, g) is equivalent to a linear feedback shift register. Moreover, the length of the LFSR cannot be greater than the dimension of S. This description as a linear feedback shift register can be considered the normal form of a linear autonomous finite state machine.

2-3- Complexity for solving linear equations: [7]

The number of operations for testing a solution is O(L^2). Thus the number of operations for solving a system of linear equations cannot be smaller than O(L^2) in general. The system of linear equations for doing the recursion analysis is of a special type. In fact, the matrix of the system is given by

$$\begin{pmatrix} s_{L} & s_{L+1} & \cdots & s_{2L-1} \\ s_{L-1} & s_{L} & \cdots & s_{2L-2} \\ \vdots & \vdots & \ddots & \vdots \\ s_{0} & s_{1} & \cdots & s_{L-1} \end{pmatrix}$$

that is, a Hankel matrix built from the 2L consecutive output symbols s_0, ..., s_{2L-1}. Thus the complexity for doing the recursion analysis can be smaller than the complexity for solving a general system of linear equations. An efficient algorithm for doing the recursion analysis is the Berlekamp-Massey algorithm. It requires O(L^2) operations for the recursion analysis of a sequence with linear complexity L.

3- The proposed key stream generator:

The proposed generator contains two parts, as shown in Figure 4 below:

1- Five LFSRs with lengths 29, 31, 37, 41 and 43 and taps (29,3), (31,3), (37,7,3), (41,11,5) and (43,11,3); the paper states that these polynomials are irreducible and primitive, so that each register generates its maximal period. (Caveat: if the tap lists are read as the exponents of the feedback polynomials, e.g. (37,7,3) as x^37 + x^7 + x^3 + 1, then the last three have an even number of terms, are divisible by x + 1 over GF(2) and cannot be irreducible; the intended polynomials should be verified with a primitivity test before use.) The initialization of this part is the secret key (25 characters, 5 bits per character), loaded into positions 1 to 25 of each register and then repeated, i.e. the first character in position 26, the second in position 27, and so on. The final position in each register contains 1. The content of position 13 controls the clocking: if it is 0 the register is clocked twice, and if it is 1 it is clocked once. Two 5-bit bytes are taken from positions 16 and 23, and one of them is selected according to the sum modulo 2 of the first register (the one of length 29): if the sum is 0 position 16 is chosen, otherwise position 23.

2- Random Access Memory: random numbers from 0 to 31 arranged in 32 columns and 4 rows. Five bits obtained from the feedback results of the LFSRs of part one form an address that selects the column, and two bits (positions 2 and 4) of the discarded byte select the row.
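To make the recursion analysis of Section 2-3 concrete, here is an added Python example, not code from the paper, of the Berlekamp-Massey algorithm over GF(2) run on bits from small constructed LFSRs. The exponent lists, initial states and sequence lengths are this example's own choices. Besides recovering a single register from 2L output bits, it shows why a linear register cannot be used on its own: XORing two m-sequences of lengths 4 and 5 raises the linear complexity only to 4 + 5 = 9, whereas ANDing them raises it to 4 × 5 = 20, which is the kind of non-linear step a keystream generator needs against this analysis.

```python
# Added example (not from the paper): the "recursion analysis" of Section 2-3,
# the Berlekamp-Massey algorithm over GF(2), on bits from constructed LFSRs.
# Convention: a connection polynomial C(x) = 1 + c_1 x + ... + c_L x^L means
# the recurrence s_n = c_1 s_{n-1} + ... + c_L s_{n-L} (mod 2).


def lfsr_sequence(conn_exps, init, n):
    """First n bits of the LFSR whose connection polynomial has the non-zero
    exponents conn_exps (largest = length L), started from init = s_0..s_{L-1}."""
    L = max(conn_exps)
    assert len(init) == L
    s = list(init)
    while len(s) < n:
        t = len(s)
        s.append(sum(s[t - e] for e in conn_exps) & 1)
    return s[:n]


def berlekamp_massey(bits):
    """Return (L, C): the linear complexity of bits and the coefficients
    [1, c_1, ..., c_L] of the shortest LFSR producing them, in O(n^2) bit ops."""
    n = len(bits)
    C = [1] + [0] * n        # current connection polynomial
    B = [1] + [0] * n        # copy of C taken at the last length change
    L, m = 0, -1             # current length, index of the last length change
    for i in range(n):
        d = bits[i]          # discrepancy between bits[i] and the LFSR's prediction
        for j in range(1, L + 1):
            d ^= C[j] & bits[i - j]
        if d == 0:
            continue
        T = C[:]
        shift = i - m
        for j in range(n + 1 - shift):
            C[j + shift] ^= B[j]            # C(x) += x^shift * B(x)
        if 2 * L <= i:
            L, m, B = i + 1 - L, i, T
    return L, C[:L + 1]


def reproduces(bits, C):
    """True if the recurrence C regenerates bits[L:] from the first L bits."""
    L = len(C) - 1
    return all(bits[t] == sum(C[j] & bits[t - j] for j in range(1, L + 1)) & 1
               for t in range(L, len(bits)))


def exponents(C):
    """Non-zero exponents of C(x), e.g. [0, 2, 5] for 1 + x^2 + x^5."""
    return [i for i, c in enumerate(C) if c]


def analyse(bits):
    """Linear complexity and recovered recurrence as (L, exponents of C)."""
    L, C = berlekamp_massey(bits)
    assert reproduces(bits, C)
    return L, exponents(C)


if __name__ == "__main__":
    s = lfsr_sequence([2, 5], [1, 0, 0, 0, 0], 80)   # C = 1 + x^2 + x^5, period 31
    u = lfsr_sequence([1, 4], [1, 0, 0, 0], 80)      # C = 1 + x + x^4, period 15
    print("single LFSR from 2L = 10 bits:", analyse(s[:10]))
    print("s XOR u:", analyse([a ^ b for a, b in zip(s, u)]))   # L = 5 + 4
    print("s AND u:", analyse([a & b for a, b in zip(s, u)]))   # L = 5 * 4
```

With exactly 2L = 10 bits the recovered register is already unique, so an attacker who sees ten keystream bits of a bare length-5 LFSR can predict every later bit; the AND case needs 2 × 20 = 40 bits before the same happens.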
Figure 4: The Proposed Key Stream Generator
Finally, two bytes of 5 bits each are obtained, the first from the selector of part 1 and the second from the RAM; XORing the two bytes gives 5 bits of key stream.

4- System Complexity:

The complexity stated for this generator is 2^25 for each register, so the complexity of part 1 is 2^25 · 2^25 · 2^25 · 2^25 · 2^25 = 2^125. In part 2 each location holds one of 2^5 values and each row contains 32 positions, so a row has (2^5)^32 = 2^160 possible contents; the paper counts the 4 rows as a factor 2^2, giving 2^160 · 2^2 = 2^162, and a total complexity of 2^125 · 2^162 = 2^287. Two remarks are in order. First, four independent rows give (2^160)^4 = 2^640 possible memory contents, not 2^162. Second, this figure is the size of a state space, not the cost of the best attack: the secret key has 25 × 5 = 125 bits, so if the RAM contents are public the key can be found by at most 2^125 trials regardless of the register lengths, and counting states says nothing about the algebraic analysis of Section 2-3 or correlation attacks on LFSR-based designs.

5- Statistical Test:

The output is a pseudo-random sequence: we applied the five basic standard statistical tests (frequency test, serial test, poker test, runs test and autocorrelation test) to samples of the generated sequences. 100 sample sequences were used, each of 50 Kbits, at a level of significance α = 0.01. The tested samples passed as follows:
- 100 samples passed the frequency test, and 0 samples failed.
- 100 samples passed the serial test, and 0 samples failed.
- 100 samples passed the poker test, and 0 samples failed.
- 100 samples passed the runs test, and 0 samples failed.
- 100 samples passed the autocorrelation test, and 0 samples failed.

6- Conclusions:

In this paper a stream cipher algorithm based on the LFSR architecture has been proposed. It provided a detailed description of the model design with the necessary considerations for the model components. The proposed stream cipher model consists of LFSRs with different lengths as well as different initial states, and a Random Access Memory (random numbers from 0 to 31 in 32 columns and 4 rows).
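The five tests of Section 5 are the ones specified in the Handbook of Applied Cryptography [3], Section 5.4.4. The following Python is an added example, not the paper's test harness: it implements the tests with critical values at α = 0.01 and runs them on constructed samples, namely one full period of a degree-10 m-sequence (which must pass the frequency, serial, runs and autocorrelation tests by the run-distribution and shift-and-add properties of m-sequences), an all-zero sequence and an alternating one. The paper's 50 Kbit generator samples are not reproduced here; the degree-10 polynomial, the lag d = 8 and the block size m = 3 for the poker test are this example's choices.

```python
# Added example (not from the paper): the five basic statistical tests of
# Section 5 as specified in the Handbook of Applied Cryptography [3], Sec. 5.4.4,
# at significance level alpha = 0.01, run on constructed sample sequences.

from math import sqrt

# 0.99 quantiles of the chi-square distribution for the degrees of freedom used
CHI2_01 = {1: 6.635, 2: 9.210, 4: 13.277, 6: 16.812, 7: 18.475, 8: 20.090,
           10: 23.209, 12: 26.217, 14: 29.141, 16: 32.000, 18: 34.805, 20: 37.566}
NORMAL_01 = 2.576      # two-sided 0.01 quantile of N(0, 1)


def frequency_test(bits):
    """X1 = (n0 - n1)^2 / n, chi-square with 1 degree of freedom."""
    n0 = bits.count(0)
    n1 = len(bits) - n0
    return (n0 - n1) ** 2 / len(bits)


def serial_test(bits):
    """X2 over the n-1 overlapping pairs, chi-square with 2 degrees of freedom."""
    n = len(bits)
    n0 = bits.count(0)
    n1 = n - n0
    pairs = [0, 0, 0, 0]                       # counts of 00, 01, 10, 11
    for i in range(n - 1):
        pairs[2 * bits[i] + bits[i + 1]] += 1
    return 4 / (n - 1) * sum(p * p for p in pairs) - 2 / n * (n0 * n0 + n1 * n1) + 1


def poker_test(bits, m=3):
    """X3 over k = n // m non-overlapping m-bit blocks, chi-square with 2^m - 1 dof."""
    k = len(bits) // m
    counts = {}
    for i in range(k):
        block = tuple(bits[i * m:(i + 1) * m])
        counts[block] = counts.get(block, 0) + 1
    return 2 ** m / k * sum(c * c for c in counts.values()) - k


def runs_test(bits):
    """X4 over blocks (runs of 1s) and gaps (runs of 0s) of length 1..k, where k is
    the largest i with expected count e_i >= 5. Returns (X4, degrees of freedom)."""
    n = len(bits)
    e = {}
    i = 1
    while (n - i + 3) / 2 ** (i + 2) >= 5:
        e[i] = (n - i + 3) / 2 ** (i + 2)
        i += 1
    k = len(e)
    if k < 2:
        raise ValueError("sequence too short for the runs test")
    blocks, gaps = [0] * (k + 1), [0] * (k + 1)
    j = 0
    while j < n:
        r = j
        while r < n and bits[r] == bits[j]:
            r += 1
        if r - j <= k:
            (blocks if bits[j] else gaps)[r - j] += 1
        j = r
    x4 = sum((blocks[i] - e[i]) ** 2 / e[i] + (gaps[i] - e[i]) ** 2 / e[i]
             for i in range(1, k + 1))
    return x4, 2 * k - 2


def autocorrelation_test(bits, d):
    """X5 for lag d, approximately N(0, 1) under the randomness hypothesis."""
    n = len(bits)
    a = sum(bits[i] ^ bits[i + d] for i in range(n - d))
    return 2 * (a - (n - d) / 2) / sqrt(n - d)


def evaluate(bits, d=8, m=3):
    """Run all five tests; return test name -> (statistic, passed at alpha = 0.01)."""
    x1, x2, x3 = frequency_test(bits), serial_test(bits), poker_test(bits, m)
    x4, dof = runs_test(bits)
    x5 = autocorrelation_test(bits, d)
    return {"frequency": (x1, x1 <= CHI2_01[1]),
            "serial": (x2, x2 <= CHI2_01[2]),
            "poker": (x3, x3 <= CHI2_01[2 ** m - 1]),
            "runs": (x4, x4 <= CHI2_01[dof]),
            "autocorrelation": (x5, abs(x5) <= NORMAL_01)}


def msequence_sample():
    """Constructed sample: one full period (1023 bits) of the m-sequence
    s_n = s_{n-3} + s_{n-10}, connection polynomial 1 + x^3 + x^10 (primitive)."""
    s = [1] + [0] * 9
    while len(s) < 1023:
        s.append(s[-3] ^ s[-10])
    return s


if __name__ == "__main__":
    samples = {"m-sequence": msequence_sample(),
               "all zeros": [0] * 1024,
               "alternating": [0, 1] * 512}
    for name, bits in samples.items():
        verdict = evaluate(bits)
        print(name, {t: ("pass" if ok else "FAIL") for t, (_, ok) in verdict.items()})
```

The alternating sequence is the instructive case: it is perfectly balanced and passes the frequency test, yet fails the serial, runs and autocorrelation tests, which is why a generator must clear all five rather than the first one alone.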
References

[1] R. A. Rueppel, "Analysis and Design of Stream Ciphers", Springer-Verlag, 1986.
[2] F. Arnault and T. Berger, "F-FCSR: Design of a New Class of Stream Ciphers", Lecture Notes in Computer Science, vol. 3557, pp. 83–97, Springer, Heidelberg, 2005.
[3] A. Menezes, P. van Oorschot and S. Vanstone, "Handbook of Applied Cryptography", CRC Press, 1996.
[4] A. Kanso, "Modified self-shrinking generator", Computers and Electrical Engineering, vol. 36, pp. 993–1001, 2010.
[5] P. Ekdahl, "On LFSR Based Stream Ciphers: Analysis and Design", Ph.D. thesis, Lund University, 2003.
[6] E. J. Barbeau, "Polynomials", 1st ed., 1989 (3rd printing, 1989).
[7] Y. Crama and P. L. Hammer, "Boolean Functions: Theory, Algorithms, and Applications", 2008.