Efficient Software Implementation of LFSR and Boolean Function and Its Application in Nonlinear Combiner Model

Sandeepan Chowdhury and Subhamoy Maitra
Applied Statistics Unit, Indian Statistical Institute, 203 B T Road, Kolkata, Pin 700 108, INDIA
sandeepan@consultant.com, subho@isical.ac.in

Abstract. Here we present an efficient implementation strategy and some general design criteria for the standard nonlinear combiner model. This model combines the output sequences of several independent Linear Feedback Shift Registers (LFSRs) using a Boolean function to produce the running key sequence. The model is well studied and is a standard target for many cryptanalytic attacks. The naive bitwise software implementation of the LFSRs is not efficient. In this paper we explore an efficient block-oriented software implementation technique that makes the model competitive with the recently proposed fast stream ciphers. Our proposed specifications for this model can resist fast correlation attacks. To evaluate our design criteria and implementation techniques, we carry out a security and performance analysis of a specific scheme based on this model.

Keywords: Linear Feedback Shift Register, Block Oriented Software Implementation, Boolean Function, Resiliency, Nonlinearity, Algebraic Degree.

1 Introduction

Linear Feedback Shift Registers (LFSRs) are the main building block of most stream cipher systems. The slow software realization of bit-oriented LFSRs (i.e., LFSRs over GF(2)) reduces the efficiency of LFSR-based stream ciphers in software. To improve software performance, recently proposed fast stream ciphers like SNOW [8,9], the t-classes of SOBER [18] and TURING [19] have opted for word-oriented LFSRs, which are LFSRs over GF(2^b). The value of b is taken as 8, 16 or 32 depending on the word size of the processor.
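As an added example, not code from the paper: the nonlinear combiner model the abstract describes, built from the naive bit-serial LFSRs over GF(2) that the introduction calls slow (not the paper's block-oriented technique), together with a Walsh-spectrum check of the combining function's resiliency, nonlinearity and algebraic degree. The feedback polynomials, seeds and combining function are constructed toy values, not the paper's scheme.

```python
def lfsr_bits(mask, length, state, n):
    """Fibonacci LFSR: emit bit 0, shift right, feed parity(state & mask) in at the top."""
    out = []
    for _ in range(n):
        out.append(state & 1)
        fb = bin(state & mask).count("1") & 1  # XOR of the tapped bits
        state = (state >> 1) | (fb << (length - 1))
    return out

def walsh(tt, n):
    """Walsh spectrum W(a) = sum_x (-1)^(f(x) xor a.x) of truth table tt, fast transform."""
    w = [1 - 2 * b for b in tt]
    h = 1
    while h < 1 << n:
        for i in range(0, 1 << n, 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w

def anf_degree(tt, n):
    """Algebraic degree: Moebius transform gives the ANF; degree = heaviest monomial."""
    c = list(tt)
    h = 1
    while h < 1 << n:
        for i in range(0, 1 << n, 2 * h):
            for j in range(i, i + h):
                c[j + h] ^= c[j]
        h *= 2
    return max((bin(m).count("1") for m in range(1 << n) if c[m]), default=0)

def criteria(tt, n):
    """(resiliency order, nonlinearity, algebraic degree); resiliency -1 if unbalanced."""
    w = walsh(tt, n)
    # m-resilient: balanced and W(a) = 0 for every a of Hamming weight 1..m
    nz = [bin(a).count("1") for a in range(1, 1 << n) if w[a] != 0]
    m = -1 if w[0] != 0 else min(nz) - 1
    return m, (1 << (n - 1)) - max(map(abs, w)) // 2, anf_degree(tt, n)

def combiner_keystream(registers, tt, n):
    """Clock all LFSRs once per bit; register k is input bit k of the combiner f."""
    streams = [lfsr_bits(mask, L, st, n) for mask, L, st in registers]
    return [tt[sum(s[i] << k for k, s in enumerate(streams))] for i in range(n)]

# Constructed combiner f(x0..x3) = x0 + x1 + x2*x3 (balanced, 1-resilient, nl 4, deg 2)
TT = [(x & 1) ^ (x >> 1 & 1) ^ ((x >> 2 & 1) & (x >> 3 & 1)) for x in range(16)]
# Constructed toy LFSRs (mask, length, seed) with primitive polynomials x^3+x+1,
# x^4+x+1, x^5+x^2+1, x^7+x+1 of coprime lengths; seeds must be nonzero
REGS = [(0b011, 3, 1), (0b0011, 4, 1), (0b00101, 5, 1), (0b11, 7, 1)]
```

The 3-variable majority function, by contrast, comes out only 0-resilient, which is why a nonlinear combiner with resiliency needs more inputs than its degree allows on three variables.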
However, these newly proposed fast stream ciphers are not yet time-tested, and some of them, like SSC2 [24], SNOW (Version 1.0) and the t-classes of SOBER [18], despite being very fast in software, were found to have certain weaknesses in their design. In this context we would like to draw attention to the well-known LFSR-based nonlinear combiner model of stream cipher. In the

J. Zhou, M. Yung, Y. Han (Eds.): ACNS 2003, LNCS 2846, pp. 387–402, 2003.
© Springer-Verlag Berlin Heidelberg 2003