Fault Cryptanalysis and the Shrinking Generator

                    Marcin Gomulkiewicz, Miroslaw Kutylowski, Pawel Wlaz

We present two efficient and simple fault attacks on the shrinking generator. 
In a first case if the attacker  can stop control generator for some small number of steps 
and observe the output, then with high probability he can deduce the full control sequence,
and so the other input bitstream. The second method assumes that the attacker 
can disturb the control sequence (in an unpredictable and random way) 
and observe many samples of such experiments. Then he can reconstruct acertain sequence
that agrees with the input sequence of the generator on a large fraction of bits.

Keywords: fault cryptanalysis, shrinking generator