Library

5.3.2 Systematic Weaknesses

Some ciphers possess systematic weaknesses that permit cryptanalysis without exhaustive key search. Such vulnerabilities arise when the algorithm’s internal structure allows statistical or algebraic relationships between plaintext, ciphertext, and key to be exploited. As discussed earlier, the Caesar cipher is trivially broken by frequency analysis, because each plaintext symbol maps consistently to one ciphertext symbol and letter frequencies in the ciphertext mirror those of the underlying language.

Systematic weaknesses may also originate in procedures rather than in the mathematical algorithm. The German Enigma machine of World War II, for instance, contained several procedural flaws that aided its decryption. The first three letters of each message, intended to randomize the encryption, were repeated, and operators often selected predictable values for them—an error that ultimately enabled Allied cryptanalysts to recover daily keys. Modern systems can likewise fail through weak operational practices—for example, using only a small subset of possible keys, poor random-number generation, or key reuse across sessions.

The linear shift register provides a good illustration of an intrinsic systematic weakness. If the key length is n, the taps of a linear shift register can be determined given 2n bits of corresponding plain text and cipher text. We show how this can be done for a simple example with n=4. Knowing eight bits of corresponding plain text and cipher text allows eight bits of keystream to be recovered. For example:

1 0 1 0 1 1 0 0 Plain text

1 1 0 0 0 1 0 1 Cipher text

0 1 1 0 1 0 0 1 Keystream

As shown in Figure 5.8, the eight recovered keystream bits reveal the state transitions of the shift register (lower left), which yield four linear equations in the tap variables [c3,c2,c1,c0]. Solving these equations exposes the feedback configuration and thus the key. A linear shift register is therefore vulnerable to known-plaintext attacks using relatively few bits of data—a general weakness of cipher systems built solely on linear operations such as XOR and shift.

In addition, many LFSR key choices generate poor sequences (for example, where most bits are 0 or 1), which drastically reduces the number of usable keys. Because these suboptimal configurations are difficult to identify and exclude automatically, they further compromise the cipher’s effective security.

Figure 5.8. Cryptanalysis of a linear shift register.