HOME

TheInfoList



Click Here for Items Related To - Alternating Step Generator
OR:
Alternating Step Generator on:   [Wikipedia]   [Google]   [Amazon]

In
cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adve ...
, an alternating step generator (ASG) is a cryptographic pseudorandom number generator used in stream ciphers, based on three linear-feedback shift registers. Its output is a combination of two LFSRs which are stepped (clocked) in an alternating fashion, depending on the output of a third LFSR. The design was published in 1987 and patented in 1989 by C. G. Günther.


Overview

Linear-feedback shift registers (LFSRs) are, statistically speaking, excellent pseudorandom generators, with good distribution and simple implementation. However, they cannot be used as-is because their output can be predicted easily. An ASG comprises three linear-feedback shift registers, which we will call LFSR0, LFSR1 and LFSR2 for convenience. The output of one of the registers decides which of the other two is to be used; for instance if LFSR2 outputs a 0, LFSR0 is clocked, and if it outputs a 1, LFSR1 is clocked instead. The output is the
exclusive OR Exclusive or or exclusive disjunction is a logical operation that is true if and only if its arguments differ (one is true, the other is false). It is symbolized by the prefix operator J and by the infix operators XOR ( or ), EOR, EXOR, , ...
of the last bit produced by LFSR0 and LFSR1. The initial state of the three LFSRs is the key. Customarily, the LFSRs use primitive polynomials of distinct but close degree, preset to non-zero state, so that each LFSR generates a
maximum length sequence A maximum length sequence (MLS) is a type of pseudorandom binary sequence. They are bit sequences generated using maximal linear-feedback shift registers and are so called because they are periodic and reproduce every binary sequence (except ...
. Under these assumptions, the ASG's output demonstrably has long period, high linear complexity, and even distribution of short subsequences. Example code in C: /* 16-bit toy ASG (much too small for practical usage); return 0 or 1. */ unsigned ASG16toy(void) An ASG is very simple to implement in hardware. In particular, contrary to the shrinking generator and self-shrinking generator, an output bit is produced at each clock, ensuring consistent performance and resistance to
timing attack In cryptography, a timing attack is a side-channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. Every logical operation in a computer takes time to execute, a ...
s.


Security

Shahram Khazaei, Simon Fischer, and Willi Meier give a cryptanalysis of the ASG allowing various tradeoffs between time complexity and the amount of output needed to mount the attack, e.g. with asymptotic complexity O(L^2.2^) and O(2^) bits, where L is the size of the shortest of the three LFSRs.


References

* Schneier, Bruce. ''Applied Cryptography'' (p383-384), Second Edition, John Wiley & Sons, 1996. {{cryptography navbox , stream Stream ciphers de:Schlüsselstromgenerator