cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...

, the shrinking generator is a form of

pseudorandom number generator A pseudorandom number generator (PRNG), also known as a deterministic random bit generator (DRBG), is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generate ...

intended to be used in a

stream cipher stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream ...

. It was published in Crypto 1993 by

Don Coppersmith Don Coppersmith (born 1950) is a cryptographer and mathematician. He was involved in the design of the Data Encryption Standard block cipher at IBM, particularly the design of the S-boxes, strengthening them against differential cryptanalysis ...

Hugo Krawczyk Hugo Krawczyk is an Argentine-Israeli cryptographer best known for co-inventing the HMAC message authentication algorithm and contributing in fundamental ways to the cryptographic architecture of central Internet standards, including IPsec, IKE, ...

, and

Yishay Mansour Jesse () or Yishai ( he, יִשַׁי – ''Yīšay'', – ''ʾĪšay''. in pausa he, יִשָׁי – ''Yīšāy'', meaning "King" or "God's gift"; syr, ܐܝܫܝ – ''Eshai''; el, Ἰεσσαί – ''Iessaí''; la, Issai, Isai, Jesse), i ...

. The shrinking generator uses two

linear-feedback shift register In computing, a linear-feedback shift register (LFSR) is a shift register whose input bit is a linear function of its previous state. The most commonly used linear function of single bits is exclusive-or (XOR). Thus, an LFSR is most often a sh ...

s. One, called the sequence, generates output bits, while the other, called the sequence, controls their output. Both and are clocked; if the

bit The bit is the most basic unit of information in computing and digital communications. The name is a portmanteau of binary digit. The bit represents a logical state with one of two possible values. These values are most commonly represente ...

is 1, then the bit is output; if the bit is 0, the bit is discarded, nothing is output, and the registers are clocked again. This has the disadvantage that the generator's output rate varies irregularly, and in a way that hints at the state of S; this problem can be overcome by buffering the output. The random sequence generated by LFSR can not guarantee the unpredictability in secure system and various methods have been proposed to improve its randomness Despite this simplicity, there are currently no known attacks better than exhaustive search when the feedback polynomials are secret. If the feedback polynomials are known, however, the best known attack requires less than • bits of output.Caballero-Gil, P. et al
New Attack Strategy for the Shrinking Generator
''Journal of Research and Practice in Information Technology'', Vol. 1, pages 331–335, Dec 2008. A variant is the

self-shrinking generator A self-shrinking generator is a pseudorandom generator that is based on the shrinking generator concept. Variants of the self-shrinking generator based on a linear-feedback shift register (LFSR) are studied for use in cryptography. Algorithm In d ...

An implementation in Python

This example uses two Galois LFRSs to produce the output pseudorandom bitstream. The Python code can be used to encrypt and decrypt a file or any bytestream. #!/usr/bin/env python3 import sys # ---------------------------------------------------------------------------- # Crypto4o functions start here # ---------------------------------------------------------------------------- class GLFSR: """Galois linear-feedback shift register.""" def __init__(self, polynom, initial_value): print "Using polynom 0x%X, initial value: 0x%X." % (polynom, initial_value) self.polynom = polynom , 1 self.data = initial_value tmp = polynom self.mask = 1 while tmp != 0: if tmp & self.mask != 0: tmp ^= self.mask if tmp

0: break self.mask <<= 1 def next_state(self): self.data <<= 1 retval = 0 if self.data & self.mask != 0: retval = 1 self.data ^= self.polynom return retval class SPRNG: def __init__(self, polynom_d, init_value_d, polynom_c, init_value_c): print "GLFSR D0: ", self.glfsr_d = GLFSR(polynom_d, init_value_d) print "GLFSR C0: ", self.glfsr_c = GLFSR(polynom_c, init_value_c) def next_byte(self): byte = 0 bitpos = 7 while True: bit_d = self.glfsr_d.next_state() bit_c = self.glfsr_c.next_state() if bit_c != 0: bit_r = bit_d byte , = bit_r << bitpos bitpos -= 1 if bitpos < 0: break return byte # ---------------------------------------------------------------------------- # Crypto4o functions end here # ---------------------------------------------------------------------------- def main(): prng = SPRNG( int(sys.argv 16), int(sys.argv 16), int(sys.argv 16), int(sys.argv 16), ) with open(sys.argv "rb") as f, open(sys.argv "wb") as g: while True: input_ch = f.read(1) if input_ch

"": break random_ch = prng.next_byte() & 0xFF g.write(chr(ord(input_ch) ^ random_ch)) if __name__

"__main__": main()

References

{{Cryptography stream Stream ciphers Pseudorandom number generators

An implementation in Python

See also

References