对广义自缩生成器的区分攻击

广义自缩生成器是一类结构简单、易于实现的流密码生成器．研究了广义自缩序列的安全性，利用生成器中反馈多项式及序列v对广义自缩生成器进行了区分攻击，表明如果广义自缩生成器的反馈多项式f(x)存在重量为w、次数为h的倍式，那么攻击者只要选择h^w-1个密钥流比特就可以进行区分攻击; 另一方面，如果f(x)本身的重量很低，那么也可以进行区分攻击，攻击的复杂度依赖于f(x)的重量．因此，在广义自缩序列中不能使用这两类多项式作为反馈多项式．其反馈多项式需要仔细选择，否则广义自缩生成器就容易受区分攻击．

Distinguishing attacks on generalized self-shrinking generators

With simple construction and easy implementation,the generalized self-shrinking generator is a keystream generator intended to be used as a stream cipher.This paper investigates the security of the generalized self-shrinking generator.We propose two distinguishing attacks on the generalized self-shrinking sequences by using the feedback polynomial and the sequence v.The results show that the attacker can launch a distinguishing attack by choosing the hw-1 keystream bit of the generalized self-shrinking generator,if the feedback polynomial f(x) is of hamming weight w and degree h.On the other hand,if the hamming weight of f(x) is low,then the attacker can launch a distinguishing attack,and the attack complexity depends on the weight of f(x).Therefore,neither type of the polynomials can be chosen as the feedback polynomials of the generalized self-shrinking generator.Users should choose the feedback polynomial carefully,otherwise the stream cipher can suffer from distinguishing attacks.