Optimizing the placement of tap positions and guess and determine cryptanalysis with variable sampling

TL;DR

This paper introduces algorithms for optimal tap position selection in LFSR-based ciphers and extends cryptanalytic techniques with variable sampling to improve attack effectiveness, revealing vulnerabilities in some real-world ciphers.

Contribution

It proposes novel algorithms for tap position optimization and extends GFSGA attacks with variable sampling, enhancing cryptanalysis of LFSR and NFSR-based ciphers.

Findings

Standard tap selection criteria are insufficient for optimal security.

Proposed algorithms outperform traditional methods in resisting cryptanalysis.

GFSGA with variable sampling can effectively attack certain cipher designs.

Abstract

In this article an optimal selection of tap positions for certain LFSR-based encryption schemes is investigated from both design and cryptanalytic perspective. Two novel algorithms towards an optimal selection of tap positions are given which can be satisfactorily used to provide (sub)optimal resistance to some generic cryptanalytic techniques applicable to these schemes. It is demonstrated that certain real-life ciphers (e.g. SOBER-t32, SFINKS and Grain-128), employing some standard criteria for tap selection such as the concept of full difference set, are not fully optimized with respect to these attacks. These standard design criteria are quite insufficient and the proposed algorithms appear to be the only generic method for the purpose of (sub)optimal selection of tap positions. We also extend the framework of a generic cryptanalytic method called Generalized Filter State Guessing Attacks (GFSGA), introduced in [26] as a generalization of the FSGA method, by applying a variable sampling of the keystream bits in order to retrieve as much information about the secret state bits as possible. Two different modes that use a variable sampling of keystream blocks are presented and it is shown that in many cases these modes may outperform the standard GFSGA mode. We also demonstrate the possibility of employing GFSGA-like attacks to other design strategies such as NFSR-based ciphers (Grain family for instance) and filter generators outputting a single bit each time the cipher is clocked. In particular, when the latter scenario is considered, the idea of combining GFSGA technique and algebraic attacks appears to be a promising unified cryptanalytic method against NFSR-based stream ciphers.