Fault Cryptanalysis and the Shrinking Generator
Marcin Gomulkiewicz, Miroslaw Kutylowski, Pawel Wlaz
We present two efficient and simple fault attacks on the shrinking generator.
In a first case if the attacker can stop control generator for some small number of steps
and observe the output, then with high probability he can deduce the full control sequence,
and so the other input bitstream. The second method assumes that the attacker
can disturb the control sequence (in an unpredictable and random way)
and observe many samples of such experiments. Then he can reconstruct acertain sequence
that agrees with the input sequence of the generator on a large fraction of bits.
Keywords: fault cryptanalysis, shrinking generator