Computing the biases of parity-check relations


A divide-and-conquer cryptanalysis can often be mounted against some keystream generators composed of several (nonlinear) independent devices combined by a Boolean function. In particular, any parity-check relation derived from the periods of some constituent sequences usually leads to a distinguishing attack whose complexity is determined by the bias of the relation. However, estimating this bias is a difficult problem since the piling-up lemma cannot be used. Here, we give two exact expressions for this bias. Most notably, these expressions lead to a new algorithm for computing the bias of a parity-check relation, and they also provide some simple formulae for this bias in some particular cases which are commonly used in cryptography.

DOI: 10.1109/ISIT.2009.5205423

Extracted Key Phrases

1 Figure or Table

Cite this paper

@article{Canteaut2009ComputingTB, title={Computing the biases of parity-check relations}, author={Anne Canteaut and Mar{\'i}a Naya-Plasencia}, journal={2009 IEEE International Symposium on Information Theory}, year={2009}, pages={290-294} }