The Nonlinear Filter Model of Stream Cipher Redivivus

TL;DR

This paper revives the nonlinear filter model for stream ciphers by constructing secure, efficient Boolean functions, proposing new cipher designs with high security levels and low implementation costs, comparable or superior to existing ciphers.

Contribution

The paper introduces new Boolean functions that enable secure and efficient stream cipher designs based on the nonlinear filter model, addressing a long-standing gap in cryptographic methodology.

Findings

Proposes stream ciphers secure against known attacks at multiple security levels.

Provides gate count estimates comparable to or better than existing ciphers like Trivium and Grain-128a.

Achieves low gate count for 256-bit security, unmatched by current designs.

Abstract

The nonlinear filter model is an old and well understood approach to the design of secure stream ciphers. Extensive research over several decades has shown how to attack stream ciphers based on this model and has identified the security properties required of the Boolean function used as the filtering function to resist such attacks. This led to the problem of constructing Boolean functions which provide adequate security \textit{and} at the same time are efficient to implement. Unfortunately, over the last two decades no fully satisfactory solutions to this problem appeared in the literature. The lack of good solutions has effectively led to the nonlinear filter model becoming more or less obsolete. This is a big loss to the cryptographic design toolkit, since the great advantages of the nonlinear filter model are its simplicity, well understood security and the potential to provide low cost solutions for hardware oriented stream ciphers. In this paper, we revive the nonlinear filter model by constructing appropriate Boolean functions which provide required security and are also efficient to implement. We put forward concrete suggestions of stream ciphers which are $\kappa$-bit secure against known types of attacks for $\kappa=80$, 128, 160, 192, 224 and 256. For the 80-bit and the 128-bit security levels, the gate count estimates of our proposals compare quite well to the famous ciphers Trivium and Grain-128a respectively, while for the 256-bit security level, we do not know of any other stream cipher design which has such a low gate count.