Computing the biases of parity-check relations
Anne Canteaut (INRIA Rocquencourt), Maria Naya-Plasencia (INRIA, Rocquencourt)

TL;DR
This paper introduces exact formulas and a new algorithm for computing the bias of parity-check relations in cryptanalysis, improving the ability to distinguish keystream generators by analyzing their biases.
Contribution
The paper provides the first exact expressions for the bias of parity-check relations and a novel algorithm for their computation, enhancing cryptanalysis techniques.
Findings
Two exact formulas for bias calculation
A new algorithm for bias estimation
Simplified formulas for common cryptographic cases
Abstract
A divide-and-conquer cryptanalysis can often be mounted against some keystream generators composed of several (nonlinear) independent devices combined by a Boolean function. In particular, any parity-check relation derived from the periods of some constituent sequences usually leads to a distinguishing attack whose complexity is determined by the bias of the relation. However, estimating this bias is a difficult problem since the piling-up lemma cannot be used. Here, we give two exact expressions for this bias. Most notably, these expressions lead to a new algorithm for computing the bias of a parity-check relation, and they also provide some simple formulae for this bias in some particular cases which are commonly used in cryptography.
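An added example, not code from the paper, showing on a toy generator why the piling-up lemma misjudges the bias of such a relation: it enumerates the relation exactly and compares the result with the piling-up value. Assumptions of this sketch: the relation XORs the keystream at all subset sums of the chosen periods, the constituent sequences are modelled as independent uniform bits, the bias is measured as the correlation E[(-1)^PC], and `majority`, `exact_correlation` and `piling_up_estimate` are hypothetical names.

```python
from itertools import product

def majority(x):
    # Constructed sample combining function (3 inputs), not taken from the paper.
    return (x[0] & x[1]) ^ (x[0] & x[2]) ^ (x[1] & x[2])

def _slot(i, shift, m):
    # Input i < m repeats after its own period, so that shift coordinate is dropped;
    # every other input sees a fresh independent bit at each shift.
    return (i, shift[:i] + shift[i + 1:]) if i < m else (i, shift)

def exact_correlation(f, n, m):
    """E[(-1)^PC], PC = XOR of f over the 2^m subset-sum shifts of periods 0..m-1."""
    shifts = list(product((0, 1), repeat=m))
    slots = {}  # one free bit per distinct value an input takes across the shifts
    for s in shifts:
        for i in range(n):
            slots.setdefault(_slot(i, s, m), len(slots))
    total = 0
    for bits in product((0, 1), repeat=len(slots)):
        pc = 0
        for s in shifts:
            pc ^= f([bits[slots[_slot(i, s, m)]] for i in range(n)])
        total += 1 - 2 * pc
    return total / 2 ** len(slots)

def piling_up_estimate(f, n, m):
    """Best c^(2^m), c = correlation of f with a linear mask on inputs 0..m-1.

    Such a mask cancels in the relation; piling-up then treats the 2^m
    remaining noise terms as independent, which they are not.
    """
    best = 0.0
    for mask in product((0, 1), repeat=m):
        agree = 0
        for x in product((0, 1), repeat=n):
            lin = sum(a & b for a, b in zip(mask, x)) & 1
            agree += 1 - 2 * (f(x) ^ lin)
        best = max(best, abs(agree / 2 ** n) ** (2 ** m))
    return best

if __name__ == "__main__":
    print("exact    :", exact_correlation(majority, 3, 2))
    print("piling-up:", piling_up_estimate(majority, 3, 2))
```

With two periods the four keystream terms share the values of the first two inputs, so the exact correlation is twice the piling-up value for this function; with a single period the two agree.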
