Statistical distinguishers for irregularly decimated linear recurring sequences

Abstract

A clock-controlled linear feedback shift register (LFSR) is a simple keystream generator consisting of an LFSR whose clock is controlled by another LFSR so that the output is an irregularly decimated LFSR sequence. Statistical distinguishers for keystream generators are algorithms whose objective is to distinguish the keystream sequence from a purely random sequence. Previously proposed statistical distinguishers for clock-controlled LFSRs are based on detecting binary linear relations in the keystream sequence that hold with a probability sufficiently different from one half. In this paper, a novel approach based on the correlation analysis of clock-controlled LFSRs is introduced. It significantly reduces the required computation time and essentially consists of a probabilistic reconstruction of bits in the regularly clocked LFSR sequence that satisfy the LFSR recurrence or any linear recurrence derived from low-weight multiples of the LFSR characteristic polynomial. The keystream sequence length and the computation time required for a reliable statistical distinction are analyzed both theoretically and experimentally. The new approach shows that there is no need to deal with the majority bits of blocks of LFSR bits as proposed recently. If individual bits or blocks of bits are considered instead, then the underlying probabilities can be computed theoretically instead of heuristically, which in turn allows a simple and general theoretical analysis of the keystream sequence length required