Understanding Stream Cipher: Initialization Vector, Feedback Coefficients, and LFSR Implementation
VerifiedAdded on 2023/04/24
|5
|1329
|72
AI Summary
In this answers we will discuss about initialization vector used and below are the summaries point:-
The initialization vector used in the stream cipher is determined by a matrix calculation and recurrence relation.
The feedback coefficients of the linear feedback shift register (LFSR) are determined using the Berlekamp-Massey algorithm.
The LFSR diagram and its parallel formulas are provided to illustrate the implementation of the given stream cipher.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
ANSWERS
1)
(a) What is the initialization vector used? (5 Pts.)
Answer
Let A1 represents the new initial of SRr after one shift, s.t.
A1=A0M=(a-1,a-2,…,a-r)
( c1 1 ⋯ 0
c2 0 ⋯ 0
⋮ ⋮ ⋮ ⋮
cr 0 ⋯ 0 ) =(∑
j=1
r
a− j c j
,a-1,…,a1-r).
In general,
Ai=Ai-1M, i=0,1,2,… …(2)
Equation (2) can be considered as a recurrence relation, so we have:
Ai=Ai-1M=Ai-2M2=…=A0Mi …(3)
The matrix Mi represents the phase i of SRr, equations (2,3) can be considered as a
Markov Process s.t. A0 is the initial probability distribution, Ai represents probability distribution
and M be the transition matrix (Golomb, 1982).
Notice that:
M2=[C1C0|Irr-2] and so on until get Mi=[Ci-1…C0|Irr-i], where 1i<r.
When CP=C0 then MP+1=M.
Assuming as you specified that X1X1 is 8181 and X2X2 is 6565.
X1||…||XnX1||…||Xn is your key stream in bits.
(b) What are the feedback coefficients of the LFSR? (10 Pts.)
Answer The Berlekamp-Massey algorithm is an iterative algorithm that solves the
following problem. Given a sequence s0,s1,s2,…s0,s1,s2,… of elements of a field,
find the shortest linear feedback shift register (LFSR) that generates this sequence.
1)
(a) What is the initialization vector used? (5 Pts.)
Answer
Let A1 represents the new initial of SRr after one shift, s.t.
A1=A0M=(a-1,a-2,…,a-r)
( c1 1 ⋯ 0
c2 0 ⋯ 0
⋮ ⋮ ⋮ ⋮
cr 0 ⋯ 0 ) =(∑
j=1
r
a− j c j
,a-1,…,a1-r).
In general,
Ai=Ai-1M, i=0,1,2,… …(2)
Equation (2) can be considered as a recurrence relation, so we have:
Ai=Ai-1M=Ai-2M2=…=A0Mi …(3)
The matrix Mi represents the phase i of SRr, equations (2,3) can be considered as a
Markov Process s.t. A0 is the initial probability distribution, Ai represents probability distribution
and M be the transition matrix (Golomb, 1982).
Notice that:
M2=[C1C0|Irr-2] and so on until get Mi=[Ci-1…C0|Irr-i], where 1i<r.
When CP=C0 then MP+1=M.
Assuming as you specified that X1X1 is 8181 and X2X2 is 6565.
X1||…||XnX1||…||Xn is your key stream in bits.
(b) What are the feedback coefficients of the LFSR? (10 Pts.)
Answer The Berlekamp-Massey algorithm is an iterative algorithm that solves the
following problem. Given a sequence s0,s1,s2,…s0,s1,s2,… of elements of a field,
find the shortest linear feedback shift register (LFSR) that generates this sequence.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Here, LFSR is a linear array of nn elements with initial value $$(s_0, \quad s_1,\quad \
ldots, \quad s_{n-2}, .. Berlekamp-Massey can be used if you do not know the feedback
polynomial and you do not know the initial fill. If you do know the feedback polynomial
but do not know the initial fill, you can use other simpler methods. F
(b) Write down the recurrence relation used. (5 Pts.)
Answer
Solution The data of a LFSR diagram, of a linear recurrences relation, and of a connection
polynomial are equivalent — they express the same information. The connection polynomial
g(x) = P encodes the wiring of a LFSR which implements a recurrence relation. Thinking of x j
as a shift operator acting on the sequence s0, s1, s2, . . . , the behaviour of g(x) in the product
g(x)s(x) (below) is
(c) (d) Draw the LFSR that implements the given stream cipher. (5 Pts.)
Answer
The diagram of such LFSR is:
Io;{
{}p/1300
3+-------------+-----------+-----------+-----------+------------+-----------
+-----------+------------+
| | | | | | |
| |
| *a *b *c *d *e *f
*g |
| | | | | | |
| |
| +-----+ | +-----+ | +-----+ | +-----+ | +-----+ | +-----+ |
+-----+ | +-----+ |
| | | | | | | | | | | | | | | | | | |
| | | | | |
+--->+ x0 +---->| x1 +---->| x2 +---->| x3 +---->| x4 +-----> x5 +----
>| x6 +---->| x7 +-------> ...
| | | | | | | | | | | |
| | | |
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+
+-----+ +-----+
ldots, \quad s_{n-2}, .. Berlekamp-Massey can be used if you do not know the feedback
polynomial and you do not know the initial fill. If you do know the feedback polynomial
but do not know the initial fill, you can use other simpler methods. F
(b) Write down the recurrence relation used. (5 Pts.)
Answer
Solution The data of a LFSR diagram, of a linear recurrences relation, and of a connection
polynomial are equivalent — they express the same information. The connection polynomial
g(x) = P encodes the wiring of a LFSR which implements a recurrence relation. Thinking of x j
as a shift operator acting on the sequence s0, s1, s2, . . . , the behaviour of g(x) in the product
g(x)s(x) (below) is
(c) (d) Draw the LFSR that implements the given stream cipher. (5 Pts.)
Answer
The diagram of such LFSR is:
Io;{
{}p/1300
3+-------------+-----------+-----------+-----------+------------+-----------
+-----------+------------+
| | | | | | |
| |
| *a *b *c *d *e *f
*g |
| | | | | | |
| |
| +-----+ | +-----+ | +-----+ | +-----+ | +-----+ | +-----+ |
+-----+ | +-----+ |
| | | | | | | | | | | | | | | | | | |
| | | | | |
+--->+ x0 +---->| x1 +---->| x2 +---->| x3 +---->| x4 +-----> x5 +----
>| x6 +---->| x7 +-------> ...
| | | | | | | | | | | |
| | | |
+-----+ +-----+ +-----+ +-----+ +-----+ +-----+
+-----+ +-----+
where a b c d e f g are constants set to 0 or 1 to determine whether a bit influence the next
result.
Thus you can see the LFSR as following parallel formulas:
out←x7out←x7
x7←x6x7←x6
x6←x5x6←x5
x5←x4x5←x4
x4←x3x4←x3
x3←x2x3←x2
x2←x1x2←x1
x1←x0x1←x0
x0←f(x0,x1,x2,x3,x4,x5,x6,x7)x0←f(x0,x1,x2,x3,x4,x5,x6,x7)
where
f(x0,x1,x2,x3,x4,x5,x6,x7)=(x0∧a)⊕(x1∧b)⊕(x2∧c)⊕(x3∧d)⊕(x4∧e)⊕(x5
∧f)⊕(x6∧g)⊕x7f(x0,x1,x2,x3,x4,x5,x6,x7)=(x0∧a)⊕(x1∧b)⊕(x2∧c)⊕(x3∧d)⊕(x
4∧e)⊕(x5∧f)⊕(x6∧g)⊕x7
From this you can deduce:
f(1,0,0,0,1,0,1,0)=0f(1,0,0,0,1,0,1,0)=0 and the LFSR returned 00
f(0,1,0,0,0,1,0,1)=1f(0,1,0,0,0,1,0,1)=1 and the LFSR returned 11
f(1,0,1,0,0,0,1,0)=1f(1,0,1,0,0,0,1,0)=1 and the LFSR returned 00
……
and finally:
f(0,1,0,0,1,1,0,1)=1f(0,1,0,0,1,1,0,1)=1 and the LFSR returned 11
Notice that the first column is the second part of the stream : 011…1011…1 and the
second column (LFSR returned) is your first part of the stream: 010…1010…1
(e) Write a program in your favorite programming language to generate the whole key stream
and find out the complete message sent by Alice. (25 Pts.)
Answer
Given in zip file
result.
Thus you can see the LFSR as following parallel formulas:
out←x7out←x7
x7←x6x7←x6
x6←x5x6←x5
x5←x4x5←x4
x4←x3x4←x3
x3←x2x3←x2
x2←x1x2←x1
x1←x0x1←x0
x0←f(x0,x1,x2,x3,x4,x5,x6,x7)x0←f(x0,x1,x2,x3,x4,x5,x6,x7)
where
f(x0,x1,x2,x3,x4,x5,x6,x7)=(x0∧a)⊕(x1∧b)⊕(x2∧c)⊕(x3∧d)⊕(x4∧e)⊕(x5
∧f)⊕(x6∧g)⊕x7f(x0,x1,x2,x3,x4,x5,x6,x7)=(x0∧a)⊕(x1∧b)⊕(x2∧c)⊕(x3∧d)⊕(x
4∧e)⊕(x5∧f)⊕(x6∧g)⊕x7
From this you can deduce:
f(1,0,0,0,1,0,1,0)=0f(1,0,0,0,1,0,1,0)=0 and the LFSR returned 00
f(0,1,0,0,0,1,0,1)=1f(0,1,0,0,0,1,0,1)=1 and the LFSR returned 11
f(1,0,1,0,0,0,1,0)=1f(1,0,1,0,0,0,1,0)=1 and the LFSR returned 00
……
and finally:
f(0,1,0,0,1,1,0,1)=1f(0,1,0,0,1,1,0,1)=1 and the LFSR returned 11
Notice that the first column is the second part of the stream : 011…1011…1 and the
second column (LFSR returned) is your first part of the stream: 010…1010…1
(e) Write a program in your favorite programming language to generate the whole key stream
and find out the complete message sent by Alice. (25 Pts.)
Answer
Given in zip file
Answer 2
p(x)=p(x|y),∀x∈P∧y∈C.
The p(x)p(x) is whatever the original distribution says it is. Now p(x|y)p(x|y) cannot be the same
as p(x)p(x) for this
p(x|y)=p(y|x)p(x) /p(y)
p(y)=∑p(k)p(dk(y))
so probability that key used was k∈K times the probability of decrypted message being dk(y)
I would think p(dk(y)) is same as p(x) as x is y encrypted and as we sum over all the keys, for
any key there is some y∈C which maps back to a given x∈P this is same as p(x).p(x).
Thus p(x|y)=p(y|x) We know x, and every key maps every plaintext to different cryptotext, they
would have same distribution, so p(x|y)=p(y|x)=p(x)p(x|y)=p(y|x)=p(x).
Answer 3
Suppose S1and S2 are Vigenere Ciphers with keyword lengths m1, m2 respectively, where m1>
m2. If m2| m1, then S2× S1= S1 .If mod m2, then the number of keys in the product
cryptosystem S2× S1 is than the number of keys in S3.
p(x)=p(x|y),∀x∈P∧y∈C.
The p(x)p(x) is whatever the original distribution says it is. Now p(x|y)p(x|y) cannot be the same
as p(x)p(x) for this
p(x|y)=p(y|x)p(x) /p(y)
p(y)=∑p(k)p(dk(y))
so probability that key used was k∈K times the probability of decrypted message being dk(y)
I would think p(dk(y)) is same as p(x) as x is y encrypted and as we sum over all the keys, for
any key there is some y∈C which maps back to a given x∈P this is same as p(x).p(x).
Thus p(x|y)=p(y|x) We know x, and every key maps every plaintext to different cryptotext, they
would have same distribution, so p(x|y)=p(y|x)=p(x)p(x|y)=p(y|x)=p(x).
Answer 3
Suppose S1and S2 are Vigenere Ciphers with keyword lengths m1, m2 respectively, where m1>
m2. If m2| m1, then S2× S1= S1 .If mod m2, then the number of keys in the product
cryptosystem S2× S1 is than the number of keys in S3.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1 out of 5
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.