State convergence in bit-based stream ciphers

Well-designed initialisation and keystream generation processes for stream ciphers should ensure that each key-IV pair generates a distinct keystream. In this paper, we analyse some ciphers where this does not happen due to state convergence occurring either during initialisation, keystream generation or both. We show how state convergence occurs in each case and identify two mechanisms which can cause state convergence.

Analysis of nonlinear sequences and streamciphers

Streamciphers are common cryptographic algorithms used to protect the confidentiality of frame-based communications like mobile phone conversations and Internet traffic. Streamciphers are ideal cryptographic algorithms to encrypt these types of traffic as they have the potential to encrypt them quickly and securely, and have low error propagation. The main objective of this thesis is to determine whether structural features of keystream generators affect the security provided by stream ciphers.These structural features pertain to the state-update and output functions used in keystream generators. Using linear sequences as keystream to encrypt messages is known to be insecure. Modern keystream generators use nonlinear sequences as keystream.The nonlinearity can be introduced through a keystream generator's state-update function, output function, or both. The first contribution of this thesis relates to nonlinear sequences produced by the well-known Trivium stream cipher. Trivium is one of the stream ciphers selected in a final portfolio resulting from a multi-year project in Europe called the ecrypt project. Trivium's structural simplicity makes it a popular cipher to cryptanalyse, but to date, there are no attacks in the public literature which are faster than exhaustive keysearch. Algebraic analyses are performed on the Trivium stream cipher, which uses a nonlinear state-update and linear output function to produce keystream. Two algebraic investigations are performed: an examination of the sliding property in the initialisation process and algebraic analyses of Trivium-like streamciphers using a combination of the algebraic techniques previously applied separately by Berbain et al. and Raddum. For certain iterations of Trivium's state-update function, we examine the sets of slid pairs, looking particularly to form chains of slid pairs. No chains exist for a small number of iterations.This has implications for the period of keystreams produced by Trivium. Secondly, using our combination of the methods of Berbain et al. and Raddum, we analysed Trivium-like ciphers and improved on previous on previous analysis with regards to forming systems of equations on these ciphers. Using these new systems of equations, we were able to successfully recover the initial state of Bivium-A.The attack complexity for Bivium-B and Trivium were, however, worse than exhaustive keysearch. We also show that the selection of stages which are used as input to the output function and the size of registers which are used in the construction of the system of equations affect the success of the attack. The second contribution of this thesis is the examination of state convergence. State convergence is an undesirable characteristic in keystream generators for stream ciphers, as it implies that the effective session key size of the stream cipher is smaller than the designers intended. We identify methods which can be used to detect state convergence. As a case study, theMixer streamcipher, which uses nonlinear state-update and output functions to produce keystream, is analysed. Mixer is found to suffer from state convergence as the state-update function used in its initialisation process is not one-to-one. A discussion of several other streamciphers which are known to suffer from state convergence is given. From our analysis of these stream ciphers, three mechanisms which can cause state convergence are identified.The effect state convergence can have on stream cipher cryptanalysis is examined. We show that state convergence can have a positive effect if the goal of the attacker is to recover the initial state of the keystream generator. The third contribution of this thesis is the examination of the distributions of bit patterns in the sequences produced by nonlinear filter generators (NLFGs) and linearly filtered nonlinear feedback shift registers. We show that the selection of stages used as input to a keystream generator's output function can affect the distribution of bit patterns in sequences produced by these keystreamgenerators, and that the effect differs for nonlinear filter generators and linearly filtered nonlinear feedback shift registers. In the case of NLFGs, the keystream sequences produced when the output functions take inputs from consecutive register stages are less uniform than sequences produced by NLFGs whose output functions take inputs from unevenly spaced register stages. The opposite is true for keystream sequences produced by linearly filtered nonlinear feedback shift registers.

Practical attack on NLM-MAC scheme

The NLM stream cipher designed by Hoon Jae Lee, Sang Min Sung, Hyeong Rag Kim is a strengthened version of the LM summation generator that combines linear and non-linear feedback shift registers. In recent works, the NLM cipher has been used for message authentication in lightweight communication over wireless sensor networks and for RFID authentication protocols. The work analyses the security of the NLM stream cipher and the NLM-MAC scheme that is built on the top of the NLM cipher. We first show that the NLM cipher suffers from two major weaknesses that lead to key recovery and forgery attacks. We prove the internal state of the NLM cipher can be recovered with time complexity about nlog7×2, where the total length of internal state is 2⋅n+22⋅n+2 bits. The attack needs about n2n2 key-stream bits. We also show adversary is able to forge any MAC tag very efficiently by having only one pair (MAC tag, ciphertext). The proposed attacks are practical and break the scheme with a negligible error probability.

求和生成器的相关性分析

J.Dj,Golic运用线性序列电路逼进的方法来分析具有任意个输入的求和生成器,他猜想可以通过这种方法来获得所有具有最大相关系数的输入和输出线性函数对,但是他未给出证明。利用Walsh变换技术证明了当n是偶数的时候这个猜想成立。另外,还研究了求和生成器的相关系数总和,发现它与带1比特组合器的相关系数总和非常类似。

A resonant based Marx generator

The configuration proposed in this paper aims to generate high voltage for pulsed power applications. The main idea is to charge two groups of capacitors in parallel through an inductor and take the advantage of resonant phenomena in charging each capacitor up to a double input voltage level. In each resonant half a cycle, one of those capacitor groups are charged, and finally the charged capacitors will be connected together in series and the summation of the capacitor voltages can be appeared at the output of the topology. This topology can be considered as a modified Marx generator which works based on the resonant concept. Simulation models of this converter have been investigated in Matlab/SIMULINK platform and the attained results fully satisfy the proper operation of the converter.

A solid state Marx generator with a novel configuration

The new configuration proposed in this paper for Marx Generator (MG) aims to generate high voltage for pulsed power applications through reduced number of semiconductor components with a more efficient load supplying process. The main idea is to charge two groups of capacitors in parallel through an inductor and take advantage of resonant phenomenon in charging each capacitor up to a double input voltage level. In each resonant half a cycle, one of those capacitor groups are charged, and eventually the charged capacitors will be connected in series and the summation of the capacitor voltages can be appeared at the output of the topology. This topology can be considered as a modified Marx generator which works based on the resonant concept. Simulated models of this converter have been investigated in Matlab/SIMULINK platform and a prototype set up has been implemented in laboratory. The acquired results of either fully satisfy the anticipations in proper operation of the converter.

A solid state Marx generator with a novel configuration

The new configuration proposed in this paper for Marx Generator (MG.) aims to generate high voltage for pulsed power applications through reduced number of semiconductor components with a more efficient load supplying process. The main idea is to charge two groups of capacitors in parallel through an inductor and take the advantage of resonant phenomenon in charging each capacitor up to a double input voltage level. In each resonant half a cycle, one of those capacitor groups are charged, and eventually the charged capacitors will be connected in series and the summation of the capacitor voltages can be appeared at the output of the topology. This topology can be considered as a modified Marx generator which works based on the resonant concept. Simulated models of this converter have been investigated in Matlab/SIMULINK platform and the acquired results fully satisfy the anticipations in proper operation of the converter.

Bias in the nonlinear filter generator output sequence

Nonlinear filter generators are common components used in the keystream generators for stream ciphers and more recently for authentication mechanisms. They consist of a Linear Feedback Shift Register (LFSR) and a nonlinear Boolean function to mask the linearity of the LFSR output. Properties of the output of a nonlinear filter are not well studied. Anderson noted that the m-tuple output of a nonlinear filter with consecutive taps to the filter function is unevenly distributed. Current designs use taps which are not consecutive. We examine m-tuple outputs from nonlinear filter generators constructed using various LFSRs and Boolean functions for both consecutive and uneven (full positive difference sets where possible) tap positions. The investigation reveals that in both cases, the m-tuple output is not uniform. However, consecutive tap positions result in a more biased distribution than uneven tap positions, with some m-tuples not occurring at all. These biased distributions indicate a potential flaw that could be exploited for cryptanalysis.

A new family of Marx generator based on resonant converter

This paper presents a novel topology to generate high voltage with utilization of slow and fast power switches. New concepts used in this topology include numbers of diode-capacitor units in parallel with resonant circuits which are connected to a positive buck-boost converter. The resonant circuit reverses the voltage polarity of the capacitors. This configuration has capability of generating a flexible high voltage with certain number of capacitors. The advantage of this topology is to use slow switches, less number of diodes and capacitors compare to Marx generator. Simulations have been performed to verify the proposed topology.

Bias in the nonlinear filter generator output sequence

Nonlinear filter generators are common components used in the keystream generators for stream ciphers and more recently for authentication mechanisms. They consist of a Linear Feedback Shift Register (LFSR) and a nonlinear Boolean function to mask the linearity of the LFSR output. Properties of the output of a nonlinear filter are not well studied. Anderson noted that the m-tuple output of a nonlinear filter with consecutive taps to the filter function is unevenly distributed. Current designs use taps which are not consecutive. We examine m-tuple outputs from nonlinear filter generators constructed using various LFSRs and Boolean functions for both consecutive and uneven (full positive difference sets where possible) tap positions. The investigation reveals that in both cases, the m-tuple output is not uniform. However, consecutive tap positions result in a more biased distribution than uneven tap positions, with some m-tuples not occurring at all. These biased distributions indicate a potential flaw that could be exploited for cryptanalysis

Binocular summation improves performance to defocus-induced blur

PURPOSE. To assess whether there are any advantages of binocular over monocular vision under blur conditions. METHODS. We measured the effect of defocus, induced by positive lenses, on the pattern reversal Visual Evoked Potential (VEP) and on visual acuity (VA). Monocular (dominant eye) and binocular VEPs were recorded from thirteen volunteers (average age: 28±5 years, average spherical equivalent: -0.25±0.73 D) for defocus up to 2.00 D using positive powered lenses. VEPs were elicited using reversing 10 arcmin checks at a rate of 4 reversals/second. The stimulus subtended a circular field of 7 degrees with 100% contrast and mean luminance 30 cd/m2. VA was measured under the same conditions using ETDRS charts. All measurements were performed at 1m viewing distance with best spectacle sphero-cylindrical correction and natural pupils. RESULTS. With binocular stimulation, amplitudes and implicit times of the P100 component of the VEPs were greater and shorter, respectively, in all cases than for monocular stimulation. Mean binocular enhancement ratio in the P100 amplitude was 2.1 in-focus, increasing linearly with defocus to be 3.1 at +2.00 D defocus. Mean peak latency was 2.9 ms shorter in-focus with binocular than for monocular stimulation, with the difference increasing with defocus to 8.8 ms at +2.00 D. As for the VEP amplitude, VA was always better with binocular than with monocular vision, with the difference being greater for higher retinal blur. CONCLUSIONS. Both subjective and electrophysiological results show that binocular vision ameliorates the effect of defocus. The increased binocular facilitation observed with retinal blur may be due to the activation of a larger population of neurons at close-to-threshold detection under binocular stimulation.

Generator interconnection procedures at the Midwest ISO

The Midwestern US is a wind-rich resource and wind power is being developed in this region at a very brisk pace. Transporting this energy resource to load centers invariably requires massive transmission lines. This issue of developing additional transmission to support reliable integration of wind on to the power grid provides a multitude of interesting challenges spanning various areas of power systems such as transmission planning, real-time operations and cost-allocation for new transmission. The Midwest ISO as a regional transmission provider is responsible for processing requests to interconnect proposed generation on to the transmission grid under its purview. This paper provides information about some of the issues faced in performing interconnection planning studies and Midwest ISO's efforts to improve its generator interconnection procedures. Related cost-allocation efforts currently ongoing at the Midwest ISO to streamline integration of bulk quantities of wind power in to the transmission grid are also presented.