In 1985 Siegenthaler introduced the concept of correlation attacks on LFSR-based stream ciphers. A few years later Meier and Staffelbach demonstrated a special technique, usually referred to as fast correlation attacks, that is very effective if the feedback polynomial has a special form, namely, if its weight is very low. Due to this seminal result, it is a well-known fact that one avoids low-weight feedback polynomials in the design of LFSR-based stream ciphers. This paper identifies a new class of such weak feedback polynomials: polynomials of the form $f(x) = g_1(x) + g_2(x)x^{M_1} + \cdots + g_t(x)x^{M_{t-1}}$, where $g_1, g_2, \ldots, g_t$ are all polynomials of low degree. For such feedback polynomials, we identify an efficient correlation attack in the form of a distinguishing attack.
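A design-time check for the polynomial form described above, as an added example that is not code from the paper: it splits the exponent set of $f(x)$ over GF(2) into the fewest blocks $g_i(x)x^{M_{i-1}}$ with $\deg g_i$ at most a chosen bound. The function names, the thresholds `max_deg` and `max_blocks`, and both sample polynomials are assumptions constructed for illustration; the abstract gives no numeric bounds.

```python
def decompose(exponents, max_deg):
    """Split f(x), given as the exponents of its nonzero terms over GF(2),
    into blocks g_i(x) * x^offset with deg g_i <= max_deg.

    Returns [(offset, g_exponents), ...]; offset 0 belongs to g_1 and the
    later offsets are M_1, ..., M_{t-1}. Greedy left-to-right covering
    gives the smallest possible t for the chosen max_deg.
    """
    exps = sorted(set(exponents))
    if not exps or exps[0] != 0:
        raise ValueError("feedback polynomial must have constant term 1")
    blocks = []
    for e in exps:
        if blocks and e - blocks[-1][0] <= max_deg:
            blocks[-1][1].append(e - blocks[-1][0])  # term belongs to current g_i
        else:
            blocks.append((e, [0]))                  # start a new g_i at offset e
    return blocks


def recompose(blocks):
    """Rebuild the exponent list of f(x) from its blocks (sanity check)."""
    return sorted(off + d for off, g in blocks for d in g)


def has_clustered_form(exponents, max_deg, max_blocks):
    """True if f(x) fits the form with at most max_blocks low-degree g_i.
    Both thresholds are reviewer-chosen assumptions, not values from the paper."""
    return len(decompose(exponents, max_deg)) <= max_blocks


# Constructed sample: weight 8 (not low weight), yet only t = 3 blocks:
# f(x) = (1 + x + x^3) + (1 + x^2) x^40 + (1 + x + x^4) x^97
CLUSTERED = [0, 1, 3, 40, 42, 97, 98, 101]
# Constructed sample: same weight and degree, exponents spread out.
SCATTERED = [0, 7, 19, 33, 48, 61, 80, 101]

if __name__ == "__main__":
    for name, f in (("clustered", CLUSTERED), ("scattered", SCATTERED)):
        blocks = decompose(f, max_deg=4)
        print(name, "t =", len(blocks), "flagged =", has_clustered_form(f, 4, 3))
        for off, g in blocks:
            print("  offset", off, "g exponents", g)
```

Both samples have the same weight and degree, so a weight-only screen treats them identically; only the block count separates them.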