Correlation attacks on stream ciphers

The fast correlation attack described by Meier and Staffelbach (1989) on certain classes of stream ciphers, based on linear feedback shift registers, requires that the number of taps of the characteristic polynomial must be small-typically less than 10. The attack can be extended to characteristic polynomials with an arbitrary number of taps if it is possible to compute low-weight polynomial multiples of the feedback polynomial. In this paper we present an algorithm for the efficient computation of low-weight parity checks. The algorithm, based on the theory of cyclic block error-correcting codes, applies the ideas underlying majority-logic decoding of maximal-length codes. A statistical analysis shows that it is not realistic to consider weight-3 parity checks, and hence it is necessary to compute weight-4 parity checks. The proposed algorithm has a worst-case computational complexity of O(2^2k/3), which is essentially independent of the number of taps of the characteristic polynomial, and is suitable for linear feedback shift registers of approximately 100 bits