Abstract. The shrinking generator is a well-known keystream generator composed of two linear feedback shift registers, LFSR1 and LFSR2, where LFSR1 is clock-controlled according to regularly clocked LFSR2. A probabilistic analysis of the shrinking generator which shows that this generator can be vulnerable to a specific fast correlation attack is conducted. The first stage of the attack is based on a recursive computation of the posterior probabilites of individual bits of the regularly clocked LFSR1 sequence when conditioned on a given segment of the keystream sequence. Theoretical analysis shows that these probabilities are significantly different from one half and can hence be used for reconstructing the initial state of LFSR1 by iterative probabilistic decoding algorithms for fast correlation attacks on regularly clocked LFSR’s. In the second stage of the attack, the initial state of LFSR2 is reconstructed in a similar way, which is based on a recursive computation of the pos...
Jovan Dj. Golic