Security Analysis of the Generalized Self-shrinking Generator

In this paper, we analyze the generalized self-shrinking generator newly proposed in [8]. Some properties of this generator are described and an equivalent definition is derived, after which two attacks are developed to evaluate its security. The first attack is an improved clock-guessing attack using short keystream with the filter function (vector G) known. The complexity of this attack is O(20.694n), where n is the length of the LFSR used in the generator. This attack shows that the generalized self-shrinking generator can not be more secure than the self-shrinking generator, although much more computations may be required by it. Our second attack is a fast correlation attack with the filter function (vector G) unknown. We can restore both the initial state of the LFSR with arbitrary weight feedback polynomial and the filter function (vector G) with complexity much lower than the exhaustive search. For example, for a generator with 61-stage LFSR, given a keystream segment of 217.1 bits, the complexity is around 256, which is much lower than 2122, the complexity of the exhaustive search.