On Sat, Jan 09, 2010 at 11:52:40PM +0100, Frank A. Stevenson wrote: > On Sat, 2010-01-09 at 23:39 +0100, sascha wrote: > > Another question is whether it is possible to convert an illegal state > > that produces the correct keystream to a legal state > > that produces the same keystream. When i generated some chains with > > a simple increment function generating the start values i got 92% chain > > merges in a 10M chains table which suggests that those states that > > produce the same keystream are only a few bit flips apart. > > I am not sure if a simple bit flip will do it, but perhaps it is > possible by applying single or few clockings of some direction to some > of the LFSRs, so you get a "legal" state, but yet produce the same > output.
Maybe clock the illegal state forward N ticks and check each of the ancestors less than N + 5 clocks away from that new forward state whether there is one that produces the same keystream. If i am correct and the 2 compatible states are "close together" then they could very well be found that way. > > Unfortunately when I found my false positives, I had thrown away the > original keys, and had no basis to compare the false positive with the > correct state. We should keep this in mind when we start testing the > lookup code at a bigger scale: to keep the correct keys for reference > and helping us understand better what the situation is with the false > positives. > _______________________________________________ A51 mailing list A51@lists.reflextor.com http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
