Lec 10: Ch 3(Stream Cipher Systems)
……
Computer & Data Security
3.8 MEASURE OF RUNDOMNESS:
3.8.1 DEFINITION:
Run: sequence of identical bits (0 or 1) Ex: 01110000111
Runs are 0,111, 0000, 111
Gap: runs of zeroes
000011 contain the gap 0000
Block: runs of ones
1111001110 contain blocks 1111,111 For with period P , Sm + p = Sm
Auto correlation function: For any constant d, if we compare the
sequence of S with Sd (after shifting d displacement), then Auto
correlation function C(t) = (A - D) / P Where :
A = no. Of identical bits.
P = period of the sequence
D = period of different bits
d = displacement 0 <= d < p
RANDOMNESS CHARACTERISTICS:
1. If p is even then ones equal zeros, other wise they differ by one only.
2. 1/2
of
runs with length of 1 , 1/4 of runs with length of 2 ,
generally i / 2i = i.
3. Auto correlation function (for d < > 0 out of phase) has constant value.
Where d is the displacement.
49
Lec 10: Ch 3(Stream Cipher Systems)
……
Computer & Data Security
3.8.2 RUNDOMNESS TESTS :
1. FREQUENCY TEST: Used to ensure that there is roughly the same number
of O's and 1's using the following formula:
X2 =(n0 – n1)2 / n
X2 = 0 if n0 = n1
For good sequence 0 < X2 < 3.84
2. SERIAL TEST: The serial test is used to ensure that the transition
probabilities are reasonable. This will give as some level of
confidence that each bit is independent of its predecessor
suppose .01 occurs n01, 10 occurs n10, 00 occurs n00…and
11 occurs n11 times.
n01+n10=n0 or n0-1 , n10+n11 = n01 or n1-1 and
N10 + N01 + N00 + N11 = N-1
X2 = 4/n - 1 Σ(nij)2 - 2/n Σ(ni)2 + 1
For good sequence X2 <= 5.99.
Ideally we want: n01 = n10 = n00 = n11 ≈ n-1/4
3. POKER TEST: For any binary sequence of length n , there are 2m different
possibilities. In this test we partition our sequence into blocks
of size m, and then we count the frequency of each type of
sections of length m in the sequence. If the frequencies are
f0, f1,.. fm-1 We compute:
X2 = 2m /F Σ((Xi)2 / mi) – F
Where F = Σ fi = n/m
50
Lec 10: Ch 3(Stream Cipher Systems)
……
Computer & Data Security
4. AUTO CORRELATION TEST: For a given sequence of n bits S1,..Sn then
A (d) = ∑ai ai+d
0 <= d <= n-1
A (0) =∑ai = ni
If the sequence has n0 of zeros and n1 of ones then
µ= n12 (n-d) / n2
The test will pass if
X2 = (A(d)- µ)2 /µ
X2 <=3.841 for all values of d
5. RUNS TEST: Divide the sequence into blocks and gaps, let r0i be the
number of gaps of length i and r1i be the number of blocks
of length i. If r0 and r1 are number of gaps and blocks
respectively then: r0 = ∑roi and r1 = ∑ r11
This test applied after the sequence had passed the serial test,
then we would expect about 1/2 the gaps with length 1 , 1/4 of
gaps of length 2, and so on. Ideally 1/2i of runs having length i.
Example: Given the following sequence of minimal length of 31.
0101011101100011111001101001000
1. Frequency test
n0=15
n1=31-15=16
X2 = (15-16)2 / n = (-1)2 /31 = 1/31 = 0.0322 0.322 < 3.841
51
Pass
Lec 10: Ch 3(Stream Cipher Systems)
……
Computer & Data Security
2.Serial test:
n00=6 , n01=8 , n10=8 , n11=8
X2 = 4/n-1 (n002 + n012 + n102 + n112 ) - 2/n (n02+n12) + 1
= 4/30 (36 + 64 + 64 + 64) - 2/31(152 +162) + 1
=30.4 - 31.032 + 1 = 0.368 0.368 < 5.99
Pass
Also
n00+ n01 = n0 -1 =6+8 =14 = n0 - 1
n11+n10=n11 =8+8=16=n1
n00+n01+n10+n11 = 6+8+8+8= 30 = n-1
n-1/4 = 30/4 = 7.5 = 8
3.Poker test
n=31 , n=25 then m=5
F=n/m =31/5= 6 Then we have 6 blocks of 5 digit each
01010 11101 10001 11110 01101 00100 0
We count Xi where i is number of ones in each block
X0=0 (‫)عدد البلىك التي فيها عدد الىاحدات يساوي صفر‬
X1=1 (1 ‫)عدد البلىك التي فيها عدد الىاحدات يساوي‬
X2=2 (2 ‫)عدد البلىك التي فيها عدد الىاحدات يساوي‬
X3=1 (3‫)عدد البلىك التي فيها عدد الىاحدات يساوي‬
X4=2
(4 ‫)عدد البلىك التي فيها عدد الىاحدات يساوي‬
X5 = 0 (5 ‫)عدد البلىك التي فيها عدد الىاحدات يساوي‬
X2 = 2m /F Σ((Xi)2 / mi) – F
Where F = Σ fi = n/m
X2 = 25/6 ∑(xi)2/5i - 6
where xi = x0,x1,x2,x3,x4,x5= 0,1,2,1,2,0
WHERE
X2 = 5.33 ( 02/5*0 + 12/5*1 + 22/5*2 + ….) - 6
52
i = 0 ,1,2,3,4,5
Lec 10: Ch 3(Stream Cipher Systems)
……
Computer & Data Security
= 5.33(0 + 1/5 + 4/10 + 1/10 + 4/5 + 0) - 6
=5.33(2 + 4 + 1 + 8/10) – 6
=5.33*15/10 - 6 =1.995
Checking x2 table with degree of freedom of 22 - 1 = 31 then the test is pass
4.runs test
r0=9 , r1=8 , n01=8= r0-1 , n10=8= r1
n11 =n1 –r1 = 16 - 8 = 8
n00 = 6= n0-r0 = 15-9 = 6
r01=5
r11=4
r02=2
r12=2
r03=2
r13=1
r14=0
r15=1
5• Auto correlation test
n0= 15 n1=16
µ= (16)2 (31-l) / (31)2 =7.99 for d=1
µ = 7.72
for d=2
µ = 7.45
for d=3
010101110110001111100110100100
101011101100011111001101001000
A(1)=8
X2 = (8 - 7.99)2 / 7.99 = 0.0000125
53
Lec 10: Ch 3(Stream Cipher Systems)
……
Computer & Data Security
010101110110001111100110100100
010111011000111110011010010000
A(2)=8
X2=(8-7.72)2/ 7.72= 0.01
010101110110001111100110100100
101110110001111100110100100000
A(3)=8
X2 = (8-7.45)2 / 7.45 = 0.04 And so on
X2 <= 3.84 for all value of d
3.9 STREAM CIPHER CRYPTANALYSIS:
Stream ciphers have a wide variety of design choices, and hence, a large
number of complex stream generators have been designed with different
periods and linear complexities. On the other hand different approaches have
been used by many researchers to analyze stream ciphers, and have
successfully cracked many of such systems.
One of the earliest approaches are the matrix approach,and the
Berlekamp Massey approach. Both methods used a known-plaintext attack to
determine the linear equivalence and the primitive polynomial of the shift
register.
Thomas Siegenthler presented a divide-and-conquer approach, which
often called correlations attack, and shown that correlation immunity can be
precisely defined. The basic idea behind correlation attack is to identify some
correlation between the output of the generator and the output of one of its
internal pieces, then by observing the output sequence, information can be
54
Lec 10: Ch 3(Stream Cipher Systems)
……
Computer & Data Security
obtainer' about the internal output. Using the collected information and other
correlation about other internal output until the entire generator is broken.
More efficient correlation attack based on using algebraic tools to determine
the LFSR instead of the exhaustive search, this is called fast correction attack.
Artificial neural networks is been used in a known-plaintext attack against
linear feedback shift registers to obtain the linear equivalence, characteristic
polynomial, and restore missing bits in the output sequences of the shift
register. More recently, two ciphertext-only attack researches has been
introduced; the first one uses Genetic Algorithms while the seco nd one uses
Adaptive Genetic Programming. Both researches use the statistical properties
of the natural language heavily in formulating the fitness function. These
language features make the ciphertext-only attack possible, since it is used for
measuring the fitness of the individual programs in a population of the genetic
programming.
55