ORYX

ORYX is an encryption algorithm that is implemented in cellular communications in order to protect the data traffic in a data stream designed for a strong level of 96-bit key with a time complexity of 2 ^ 16, with how to reduce the force to export 32-bit data, but due to errors of force is a 16-bit trivial and any signal can be broken after the first bytes 25-27. ORYX generates a keystream which is used as a one-time pad or XOR with the message to encrypt or decrypt.
ORYX is a simple encryption based on binary linear feedback registers to shift gears (LFSR) that protects mobile data transmission, this figure contains four components: three 32-bit LFSR labeled LFSRA, LFSRB and SP LFSRK and a box containing a known L permutation of integers from 0 to 255.
Each of the functions you if definition of independent feedback:

• For LFSRK this feedback function defined as follows:

X ^ 32 + X ^ 28 + X ^ 19 + X ^ 18 + X ^ 16 + X ^ 14 + X ^ 11 + X ^ 10 + X 9 + X ^ ^ 6 + x ^ 5 + x + 1

• For feedback features LFSRA defined:

X ^ 32 + X ^ 26 + X ^ 23 + X ^ 22 + X ^ 16 + X ^ 12 + X ^ 11 + X ^ 10 + X ^ 8 + X ^ 7 + X ^ 5 + X ^ 4 + X ^ 2 + X + 1

And

X ^ 32 + X ^ 27 + X ^ 26 + X ^ 25 + X ^ 24 + X ^ 23 + X ^ 22 + X ^ 17 + X ^ 13 + X ^ 11 + X ^ 10 + X ^ 9 + X ^ 8 + X ^ 7 + 2 + X + 1

• And the feedback features LFSRB is:

X ^ 32 + X ^ 31 + X ^ 21 + X ^ 20 + X ^ 16 + X ^ 15 + X ^ 6 + X ^ 3 + X + 1

Where L is formed by the duration of the call and is formed from said algorithm initialized with a value during the call set each byte of keystream is generated as follows according to the feedback functions set for each of the shift registers:

1. Once LFSRK approaches
2. LFSRA once this step as one of the definitions of different feedback on the content of a stage of LFSRK
3. LFSRB is stepped, one or two times depending on the contents of the stage LFSRK
4. The high byte LFSRK states, LFSRB LFSRA and combine with the purpose of forming a keystream byte:

Keystream = (High8K + L [High8A] + L [High8B]) mod 256

Table L no secret L is different for each message or byte input

In the higher byte of LFSRK where the key is determined for the LFSRA, B and sometimes varies depending LFSR implementation since the algorithm is known chains the only unknown to an attack is the initial contents of the registers 32 -bit linear feedback shift. As believed to have a space of 96-bit key in which there are 2 ^ 96 possible initial states in ORYX, but if an attacker obtains a portion of the keystream produced by ORYX can work backwards and divide and get the full 96-bit initial state all the attacker has to do is apply XOR to the known parts of the plaintext and the ciphertext to obtain the portion of the key chain.

Means known keystream byte produced at time t as K (t). Indicating the highest LFSRA 8-bit, and LFSR LFSRK at time t as: High8 A (t), High8 B (t), and High8 K (t). So the initial state of each record in the high 8-bit are: High8 A (0), High8 B (0), and High8 K (0).

The first byte of the key stream produced by the high functions to apply 8-bit of each stage where K (1) = (L [High8 A (1)] + L [High8 B (1)] + K ( High8 1)) mod 256, where L is the permutation of the box S.

At time t = 2, High8 A (2), and High8 K (2) each have a new unknown bit shifted in them, and High8 B (2) have one or two unknown bits shifted therein. However, we consider that the number of bits shifted in High8 B (2) is dependent on 1 bit of the high byte from LFSRK then the total number of possible states at time t = 2.
If the bit in the high byte says LFSRB to change twice, then 4 values ​​will likely High8 B (2) and there will be two possible values ​​of A (2) for a total of 2 * 4 = 8 possible states High8. Otherwise, if LFSRB moves once, there High8 2 possible values ​​B (2) and two possible values ​​of High8 A (2) for a total of 2 * 2 = 4 possible states. Therefore, there will be a total of 8 +4 = 12 possible states for a time t = 2. In general, if the current state is known at time t, then there will be 12 possible states at time t +1.

It compares all possible states at time t = 2, and compare their string bytes associated with K (2). If no match is found then that our guesses for High8 A (1) and High8 B (1) were wrong. After repeating this process 24 times were obtained internal states of all three shift registers which is consistent with the known keystream. Each iteration requires a keystream byte known, and one byte is required for the initial estimate of the High8 bits.
Table extensions A, B

Testing

The attack is analyzed to find the part of the attacks made by which the initial state can be successful for different key lengths for different procedures that are used, with the initial states to 0 will generate a series for LFSR LFSRB, LFSRA and LFSRK, with segment key s of length N, Z {(i)} where: i = 1

• Input: The length of the observed keystream sequence, N.
• Initialization: i = 1, where i is the current attack rate, i also define max, A maximum number of attempted attacks to take place. The LFSR seed initial state index, j is the current B LFSR seed initial state and k is the index K initial state current LFSR seed index.
• Stopping Criteria: The test procedure is stopped when the number of attacks reaches i max out.
• Step 1: Generate initial state pseudorandom seeds ASEED I KSEED BSEED me and I for LFSR's, and LFSRK LFSRB, respectively.
• Step 2: Generate pseudorandom initial states using SEED LFSRA I KSEED BSEED me and I for LFSRA, LFSRB and LFSRK, respectively.
• Step 3: Generate the string of bytes sequence {Z (i)} N i = 1
• Step 4: Apply the attack on Z (i)} N i = 1 for the reconstruction of the initial states of the three LFSRs
• Step 5: If i ≤ i max, Increases i go to step 1.
• Step 6: Finish the procedure.
• Output: LFSRA reconstructed initial states, and LFSRK LFSRB

Bibliographies:

http://en.wikipedia.org/wiki/ORYX

http://www.schneier.com/paper-oryx.pdf

http://kremlinencrypt.com/algorithms.htm

http://www.cs.umd.edu/Honors/reports/cryptanalysis.doc

http://cs.sjsu.edu/~stamp/crypto/PowerPoint_PDF/6_ORYX.pdf