New Attacks on FCSR-based Stream Ciphers

Arshad Ali

Research output: Thesis › Doctoral Thesis


This thesis presents a new family of cryptanalytic attacks on a class of binary additive synchronous stream ciphers, the theory of which is based on the properties of 2-adic numbers. We refer to this new family of cryptanalytic attacks as State Transition Attacks (STAs); we identify three variants of this class of attack, namely Conventional State Transition Attacks (CSTAs), Fast State Transition Attacks (FSTAs) and Improved State Transition Attacks (ISTAs). These attack variants give rise to trade-offs between data, time and memory complexities. The thesis describes STAs on a class of binary additive synchronous stream ciphers whose keystream generators use l-sequences, which are generated by binary Feedback with Carry Shift Registers (FCSRs). A new theory of linearisation intervals for FCSR state update functions is also presented, and results on correlations between the feedback bit and the Hamming weights of the main and carry registers of Galois FCSRs are developed. These theoretical findings are used to cryptanalyse an eSTREAM candidate known as F-FCSR-H v2, as well as two variants of this cipher, known as F-FCSR-H and F-FCSR-16. This cryptanalysis yields State Recovery Algorithms (SRAs) for these ciphers. The cryptanalytic attacks on F-FCSR-H v2, F-FCSR-H and F-FCSR-16 presented in this thesis are the most efficient attacks known so far on these ciphers. The thesis also presents an FCSR key recovery algorithm which works in conjunction with the SRAs in order to recover the effective key used in these ciphers.

The thesis also presents various techniques that can be considered prerequisites for simulating new attacks on FCSR-based stream ciphers. In order to describe these techniques, the thesis defines a small-scale variant of the F-FCSR-H type keystream generators and names it the T-cipher. The thesis develops a statistical analysis for the T-cipher and uses it to describe various aspects of the sequences generated by such ciphers. These include computing the frequency distribution of linearisation intervals and formulating and solving systems of equations in these intervals. The thesis further presents enumeration and pseudocode algorithms for solving systems of equations in the finite field F2.

Original language: English
Awarding Institution: Royal Holloway, University of London
Award date: 1 Jan 2012
Publication status: Unpublished - 2011
