Guess and Determine Attacks on Filter Generators—Revisited

Although there are many different approaches used in cryptanalysis of nonlinear filter generators, the selection of tap positions has not received enough attention yet. In this paper we examine the security of nonlinear filter generators that output several bits at the time against a variant of a guess and determine attack that takes into account the tap positions of the generator. In difference to the filter state guessing attack (FSGA) introduced by Pasalic (2009), our approach further reduces the input preimage space by using a given placement of the tap positions. The new attack, though a simple generalization of the FSGA, in many cases outperforms both classical algebraic attacks and the FSGA. In particular, the new attack is much more efficiently applied against filter generators that use a vectorial Maiorana-McFarland than classical algebraic attacks or the FSGA. As a proof of the concept we apply our attack to the stream cipher SOBER-t32 without stuttering and show that our attack performs slightly better than a guess and determine attack proposed by Babbage et al.