Improved Analysis of the BMGL Keystream Generator

Authors

  • Johan Håstad
  • Mats Näslund
Abstract

In this paper we give an improved security analysis of the NESSIE submission BMGL. The new analysis improves also asymptotically some of the theoretical results on which the BMGL keystream generator is based. We also give an alternative, bootstrapped version of the generator which is implementation-wise very close to the original generator and offers even stronger provable security properties.


Similar resources

Tweak Review: BMGL

In [HNa] the submitters generalize the BMGL generator in order to allow keystream synchronization with random access properties. This synchronization is done by an initialization vector. Furthermore they present a sketch for a security proof based on the assumption that the iterated Rijndael mapping is hard to invert even if an attacker has a number of extra plaintext-ciphertext pairs. In [HNb]...


A Generalized Interface for the NESSIE Submission BMGL

In [3] a provably secure synchronous keystream generator based on the Rijndael block cipher is described. This document gives a more general interface for the cipher and investigates effects on the provable security properties.


BMGL: Synchronous Key-stream Generator with Provable Security (Revision 1)

We propose a construction of an efficient, synchronous keystream generator with provable security properties in response to the NESSIE call for primitives. The cryptographic core of the stream cipher is the block cipher Rijndael. We show that a non-trivial attack on the cipher reduces to an attack on Rijndael. The construction uses an optimization of earlier work on pseudorandom generators by B...


NESSIE Document NES/DOC/SAG/WP3/018/3 About the NESSIE Submission BMGL: Synchronous Key-stream Generator with Provable Security

• Using a hybrid argument for probability distributions it is shown that given an adversary A who is capable of distinguishing the complete pseudorandom sequence (resulting from λ steps of the BMGL generator) from truly random bits (with advantage at least δ) there must exist a related adversary B and a fixed iteration i (of the one-way function f) such that B can distinguish the result of the ...


An Improved Attack on the Shrinking Generator

This work proposes a known-plaintext attack on the Shrinking Generator through its characterization by means of Cellular Automata. It is based on the computation of the characteristic polynomials of sub-automata and on the generation of the Galois field associated to one of the Linear Feedback Shift Registers components of the generator. The proposed algorithm allows predicting a large number o...



Publication date: 2001