Nonlinear n-stage feedback shift-register sequences over the finite field F_q of period q^n − 1 are investigated under linear operations on sequences. We prove that all members of an easily described class of linear combinations of shifted versions of these sequences possess useful properties for cryptographic applications: large periods, large linear…
We determine the imbalances of the keystreams produced by Achterbahn-80 and Achterbahn-128 in two different ways. The number of cyclically inequivalent keystreams produced by the keystream generators of Achterbahn-80 and Achterbahn-128 is determined. An abstract model for the keystream generator of a primitive NLFSR combination generator is used to justify…
We report on the results of computations concerning the linear complexities of the NLFSRs deployed in Achterbahn's keystream generator. We outline a probabilistic algorithm for estimating the linear complexities of binary sequences of period 2^N − 1. We define Achterbahn-Version 2 whose keystream generator consists of ten shift registers. We introduce the…
The Boolean combining function in the 80-bit-key stream cipher Achterbahn is weak. Its major weakness consists of the fact that by setting two specific variables to zero, the function becomes linear. Its second weakness consists of the fact that it can be approximated by a linear function which agrees with the Boolean combining function with probability…
In this paper we examine a correlation attack against combination generators introduced by Meier et al. in 2006 and extended to a more powerful tool by Naya-Plasencia. The method has been used in the cryptanalysis of the stream ciphers Achterbahn and Achterbahn-128/80. No mathematical proofs for the method were given. We show that rigorous proofs can be…
Stream ciphers that deploy linear feedback shift registers (LFSRs) have been shown to be vulnerable under fast correlation attacks and fault attacks. We discuss certain nonlinear feedback shift registers (NLFSRs) recommended as substitutes for LFSRs in stream cipher systems.