On the Affine Sub-Families of Quadratic NFSRs

• Published in: IEEE transactions on information theory Vol. 64; no. 4; pp. 2932 - 2940
• Main Authors: Zhang, Jia-Min, Tian, Tian, Qi, Wen-Feng, Zheng, Qun-Xiong
• Format: Journal Article
• Language: English
• Published: New York IEEE 01.04.2018; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Boolean functions; Buildings; cascade connection; Characteristic functions; Ciphers; Division; Grain-128; Linear feedback shift registers; NFSR sequences; Nonlinear feedback; nonlinear feedback shift registers; Polynomials; Shift registers; Upper bound; Upper bounds
• ISSN: 0018-9448; 1557-9654
• DOI: 10.1109/TIT.2017.2714680

Grain-128 is a hardware oriented stream cipher based on the cascade connection of a 128-bit linear feedback shift register into a 128-bit quadratic nonlinear feedback shift register (NFSR). Its main register is in essence a quadratic NFSR, however its affine sub-families could not be solved by the previous methods. In this paper, it is shown that the family of sequences generated by the main register of Grain-128 includes no affine sub-families except a small one of order three. To achieve this goal, a new method is proposed for solving affine sub-families of general quadratic NFSRs. Let NFSR<inline-formula> <tex-math notation="LaTeX">(f) </tex-math></inline-formula> be an NFSR with a quadratic characteristic function <inline-formula> <tex-math notation="LaTeX">f </tex-math></inline-formula>. It is proved that the characteristic function of a linear sub-family of the NFSR<inline-formula> <tex-math notation="LaTeX">(f) </tex-math></inline-formula> divides a linear combination of variables appearing in the quadratic terms of <inline-formula> <tex-math notation="LaTeX">f </tex-math></inline-formula>, where the division can be seen as the univariate polynomial division over the finite field <inline-formula> <tex-math notation="LaTeX">\mathbb {F}_{2} </tex-math></inline-formula>. This facilitates picking up a candidate set of linear sub-families through univariate polynomial factorization over <inline-formula> <tex-math notation="LaTeX">\mathbb {F}_{2} </tex-math></inline-formula>. The affine case is an analogy. Besides, a useful new upper bound on the orders of affine sub-families of a quadratic NFSR is given.