Some Remarks on the Cross Correlation Analysis of Pseudo Random Generators

Siegenthaler has shown how cross-correlation techniques can be applied to identify pseudo random generators consisting of linear feedback shift registers and a scrambling function 171. These techniques may allow to attack one register in such a generator at a time. The original algorithm needs O(R2'N) operations to identify one register. ( r denotes the length of the register examined, R the number of primitive polynomials of degree r. and N the minimal number of bits one has to observe ). Employing Walsh-Hadamard transform this analysis can be done in O(R(Rr+N)) operations [ 8 ] . We show that there exists a trade-off between the dimension of the Hadamard matrix and the number of bits required to compute the cross correlation coefficients. The complexity of this attack is O(R(r2f-6+26N)). The integer 6 can be selected so that the cost of the attack is minimized. The MSR-generator will serve as an example to demonstrate our algorithm. Furthermore we examine the correlation immunity of the S-boxes used in the DES.