I have programmed an alternating step generator in the following way:

  • I have three LFSRs. LFSR_1 is clocked in every step.
  • Every LFSR has an initialization vector.
  • And we have a text to encrypt.

If the output of LFSR_1 is 1 :

  • LFSR_2 is clocked and calculates its new output. LFSR_3 is not clocked.
  • We build the sum of the output of LFSR_2 and LFSR_3 ("xor") -> sum23
  • Then sum23 is XORed with the first bit of the plaintext we have to encrypt, and this is the first bit of the cipher.

If the output of LFSR_1 is 0:

  • LFSR_2 is not clocked but stays the same.
  • LFSR_3 is clocked and calculates its output.
  • We build the sum of the output of LFSR_2 and LFSR_3 ("xor") -> sum23
  • Then sum23 is XORed with the next bit of the plaintext we have to encrypt, and this is the next bit of the cipher...

My question is: I have to decrypt the cipher back to the plaintext again, but I don't know how to do that.

kelalaka
Daniela

Note: irrespective of the parameterization and security of the ASG, what the question describes is not a secure cipher even by the weak notion of Known Plaintext Attack: the key is the initial state of the LFSRs, and if that key is reused, KPA security fails totally. We'd need to add a setup phase with a nonce (including random) as Initialization Vector. – fgrieu May 19 '21 at 10:30

1 Answer

Stream ciphers have a key and an IV to initialize. One can design the Alternating Step Generator (ASG) to have key and IV together, though classically it has only the key (not an IV; IVs are not secret!).

Now, let us have an ASG cipher with the key $k$. When you set the key and clock the ASG, it will output a key-stream $S$. It is up to the designer how to use this key-stream; for example, they can discard the first 1000 bits (yes, it was quite common to discard the initial bits of a stream cipher).

Let $S_i$ be the key-stream sequence (i.e. the bits of $S$). Then, given a plaintext $P$ with the bit sequence $P_i$, we form the $C_i$ as

$$C_i = P_i \oplus S_i$$

This is the encryption.

Now, if you want to decrypt, initialize the ASG with the same key again! It will produce the same key-stream $S_i$ since there is no randomization; it is deterministic, and it must be.

Now we can recover the plaintext bits as

$$C_i \oplus S_i = (P_i \oplus S_i) \oplus S_i = P_i$$

As you can see, we execute the same operation $\oplus$ for encryption and decryption. This is the beauty, simplicity, and power of the $\oplus$:

  • simple: no complicated operation for encryption and decryption, same circuit.
  • power: $\text{non-random} \oplus \text{random} = \text{random}$
  • beauty: (opinion based) a simple, reversible operation that can secure the messages!
kelalaka
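The generator from the question and the $C_i = P_i \oplus S_i$ encryption/decryption from the answer, as an added worked example (not code from the asker or the answerer). The register lengths, feedback taps and the sample key are constructed for illustration; the last function demonstrates fgrieu's point about reusing the key without an IV.

```python
# Added example: a toy alternating step generator (ASG) built as the question
# describes, used as a stream cipher. Register lengths, taps and the sample
# key are constructed for illustration and are not from the post.
class LFSR:
    """Fibonacci LFSR: state[0] is the output bit; `taps` index the bits XORed
    together to form the new bit shifted in at the end."""
    def __init__(self, state, taps):
        self.state, self.taps = list(state), taps
    def clock(self):
        fb = 0
        for t in self.taps:
            fb ^= self.state[t]
        self.state = self.state[1:] + [fb]
        return self.state[0]

def asg_keystream(key, n):
    """Per step: clock LFSR_1; if its output is 1 clock LFSR_2, else clock LFSR_3;
    emit out(LFSR_2) XOR out(LFSR_3), the question's sum23.
    Feedback polynomials (constructed): x^5+x^2+1, x^7+x+1, x^11+x^2+1."""
    l1, l2, l3 = LFSR(key[0], (0, 2)), LFSR(key[1], (0, 1)), LFSR(key[2], (0, 2))
    for _ in range(n):
        if l1.clock() == 1:
            l2.clock()
        else:
            l3.clock()
        yield l2.state[0] ^ l3.state[0]

def xor_with_keystream(bits, key):
    """C_i = P_i XOR S_i; the same function decrypts, since S_i cancels."""
    return [b ^ s for b, s in zip(bits, asg_keystream(key, len(bits)))]

encrypt = decrypt = xor_with_keystream

def bytes_to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

# The key is the three initial states (constructed, non-zero).
KEY = ([1, 0, 0, 1, 1], [0, 1, 1, 0, 1, 0, 1], [1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0])

def roundtrip(plaintext):
    """Decrypting with the same key re-creates the deterministic S_i."""
    return bits_to_bytes(decrypt(encrypt(bytes_to_bits(plaintext), KEY), KEY))

def keystream_reuse_leak(p1, p2):
    """fgrieu's note: two messages under the same key (no per-message IV) give
    c1 XOR c2 == p1 XOR p2, so the key-stream must never be reused."""
    c1, c2 = encrypt(bytes_to_bits(p1), KEY), encrypt(bytes_to_bits(p2), KEY)
    return bits_to_bytes([a ^ b for a, b in zip(c1, c2)])
```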