The Generalized self-shrinking (GSS) generator is a specialization of the shrinking generator and a generalization of the self-shrinking generator. It is proved that this generator has some attractive properties in cryptographic senses such as long period, high linear complexity and good random properties. In this paper we demonstrate an attack on the GSS generator based on a property of maximum-length sequence. Our results show that all the GSS keystreams are vulnerable to a clock guessing attack provided that the filter function (vector g) is known, thus much improve the results of the designers. Assuming a short known segment of keystream bits, our attack on the generalized self-shrinking generator has the same complexity as that on the self-shrinking generator, O(20.694L), where L is the length of the LFSR used in the generator. Our conclusion is that the GSS generator is no more secure than the self-shrinking generator with the filter function known. It is recommended to keep the filter function secret in practical applications.
展开▼