1. Overview

2. Security

3. References

In cryptography, an alternating step generator (ASG) is a cryptographic pseudorandom number generator intended to be used in a stream cipher. The design was published in 1987 by C. G. Günther. It is also known as the alternating stop-and-go generator.

Overview

Linear-feedback shift registers (LFSRs) are, statistically speaking, excellent pseudorandom generators, with good distribution and simple implementation. However, they cannot be used as-is because their output can be predicted easily.

An ASG comprises three linear-feedback shift registers, which we will call LFSR0, LFSR1 and LFSR2 for convenience. The output of one of the registers decides which of the other two is to be used; for instance if LFSR2 outputs a 0, LFSR0 is clocked, and if it outputs a 1, LFSR1 is clocked instead. The output is the exclusive OR of the last bit produced by LFSR0 and LFSR1. The initial state of the three LFSRs is the key.

Customarily, the LFSRs use primitive polynomials of distinct but close degree, preset to non-zero state, so that each LFSR generates a maximum length sequence. Under these assumptions, the ASG's output demonstrably has long period, high linear complexity, and even distribution of short subsequences.

Example code in C:

/* 16-bit toy ASG (much too small for practical usage); return 0 or 1. */

unsigned ASG16toy(void)

  static unsigned /* unsigned type with at least 16 bits */    lfsr2  = 0x8102, /* initial state, 16 bits, must not be 0 */    lfsr1  = 0x4210, /* initial state, 15 bits, must not be 0 */    lfsr0  = 0x2492; /* initial state, 14 bits, must not be 0 */

  /* LFSR2 use  x^^16 + x^^14 + x^^13 + x^^11 + 1 */  lfsr2 = (-(lfsr2&1))&0x8016 ^ lfsr2>>1;

  if (lfsr2&1)    /* LFSR1 use  x^^15 + x^^14 + 1 */    lfsr1 = (-(lfsr1&1))&0x4001 ^ lfsr1>>1;  else    /* LFSR0 use  x^^14 + x^^13 + x^^3 + x^^2 + 1 */    lfsr0 = (-(lfsr0&1))&0x2C01 ^ lfsr0>>1;

}

An ASG is very simple to implement in hardware. In particular, contrary to the shrinking generator and self-shrinking generator, an output bit is produced at each clock, ensuring consistent performance and resistance to timing attacks.

Security

In Reduced Complexity Attacks on the Alternating Step Generator, Shahram Khazaei, Simon Fischer, and Willi Meier give a cryptanalysis of the ASG allowing various tradeofs between time complexity and the amount of output needed to mount the attack, e.g. with asymptotic complexity and bits, where is the size of the shortest of the three LFSRs.

References

• C. G. Günther. Alternating step generators controlled by de Bruijn sequences, Advances in Cryptology – EuroCrypt '87 (pp. 5–14), LNCS 304, Springer Verlag, {{ISBN|3-540-19102-X}}. See  , or [https://link.springer.com/content/pdf/10.1007%2F3-540-39118-5_2.pdf].
• Schneier, Bruce. Applied Cryptography (p383-384), Second Edition, John Wiley & Sons, 1996. {{ISBN|0-471-11709-9}}

• Faces (Irma album)
• Face slap
• Faces (mixtape)
• Faces (Nik Kershaw song)
• Faces of Death (B.O.N.E Enterpri$e album)
• Faces of Evil (Justin Richards novel)
• Faces of FanFan
• Faces of Fear
• Faces of Fear (Saul novel)
• Faces of Love
• Faces of Love Film Festival
• Faces of Sunset Boulevard
• Faces of Sunset Boulevard: A Portrait of Los Angeles
• Faces Of War Memorial
• Face (song)
• Faces (Orgy song)
• Facet arthritis
• Facet cells
• Facet cyst
• Facet disease
• Faceted
• Faceted Application of Subject Terminology
• Faceted (disambiguation)
• Faceted hexacosichoron
• Faceted spur