CryptologyIV.3 Feedback Shift Registers and Linear Complexity |
|
The complete chapter as PDF file.
As we saw in the last chapter LFSRs are cryptographically weak if naively used. Even nonlinear FSRs admit an efficient prediction algorithm via the Noetherian principle undermining their security.
In this chapter we'll look at LFSRs from the opposite direction: Given a bit sequence, how to generate it by an LFSR in an optimal way? The minimal length of such an LFSR—called linear complexity—will turn out to be a useful measure of predictability—even a very good measure except for a few outliers.
As a result of this chapter we note:
Using LFSRs and nonlinear combining functions we can build useful and fast pseudorandom generators, especially in hardware.
Unfortunately[*] there is no satisfying comprehensive theory for the cryptologic security of this type of pseudorandom generators, even less a mathematical proof. Security is assessed by plausible criteria that—as for bitblock ciphers—are related to the nonlinearity of Boolean functions.
[*] Mathematicians would say »fortunately« since unsolved problems are essential for their survival.