Cryptography Reference
In-Depth Information
Fig. 2.8
Internal structure of the stream cipher Trivium
the output of each register is connected to the input of another register. Thus, the
registers are arranged in circle-like fashion. The cipher can be viewed as consisting
of one circular register with a total length of 93 + 84 + 111 = 288. Each of the three
registers has similar structure as described below.
The input of each register is computed as the XOR-sum of two bits:
The output bit of another register according to Fig. 2.8. For instance, the output
of register
A
is part of the input of register
B
.
One register bit at a specific location is fed back to the input. The positions are
given in Table 2.4. For instance, bit 68 of register
A
is fed back to its input.
The output of each register is computed as the XOR-sum of three bits:
The rightmost register bit.
One register bit at a specific location is fed forward to the output. The positions
are given in Table 2.4. For instance, bit 66 of register
A
is fed to its output.
The output of a logical AND function whose input is two specific register bits.
Again, the positions of the AND gate inputs are given in Table 2.4.
Table 2.4
Specification of Trivium
register length feedback bit feedforward bit AND inputs
A
93
69
66
91, 92
B
84
78
69
82, 83
C
111
87
66
109, 110
Note that the AND operation is equal to multiplication in modulo 2 arithmetic.
If we multiply two unknowns, and the register contents are the unknowns that an at-
tacker wants to recover, the resulting equations are no longer linear as they contain
products of two unknowns. Thus, the feedforward paths involving the AND opera-
tion are crucial for the security of Trivium as they prevent attacks that exploit the
