In LFSR-based stream ciphers, knowledge of the feedback equation of the LFSR plays a critical role in most attacks. In word-based stream ciphers such as those in the SNOW series, even if the feedback configuration is hidden, knowing the characteristic polynomial of the state transition matrix of the LFSR enables the attacker to derive a feedback equation over $GF(2)$, which in turn can be used to launch fast correlation attacks. In this work, we propose a method for hiding both the feedback equation of a word-based LFSR and the characteristic polynomial of its state transition matrix. We employ a $z$-primitive $\sigma$-LFSR whose characteristic polynomial is randomly sampled from the primitive polynomials over $GF(2)$ of the appropriate degree, and we propose an algorithm for locating $z$-primitive $\sigma$-LFSR configurations of a given degree. Further, an invertible matrix is generated from the key; this matrix is used to generate a public parameter from which the feedback configuration can be retrieved with the key. If the key size is $n$ bits, retrieving the feedback equation from the public parameter has an average time complexity of $\mathcal{O}(2^{n-1})$. The proposed method has been tested on SNOW 2.0 and SNOW 3G for resistance to fast correlation attacks, and we demonstrate that the security of SNOW 2.0 and SNOW 3G increases from 128 bits to 256 bits.
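As an added example (not code from the paper, whose construction is only summarized above), the following Python sketch makes the abstract's two technical points concrete on a toy $\sigma$-LFSR: the feedback coefficients are $m \times m$ matrices over $GF(2)$, the state transition matrix is $nm \times nm$, and its characteristic polynomial over $GF(2)$ yields a bitwise linear recurrence that every bit of the state obeys, which is the feedback equation the abstract says an attacker can form once the polynomial is known. The script computes that polynomial with Berlekamp-Massey on an internal bit sequence, tests it for primitivity via the order of $x$, and resamples seed-derived configurations until the polynomial is primitive; that loop is a simplified stand-in for the paper's configuration search and its key-derived mechanism, not their algorithm. Sizes are deliberately tiny ($n = m = 4$, degree 16) so that the period $2^{16}-1$ can be checked exhaustively, whereas SNOW 2.0 and SNOW 3G use 16 words of 32 bits. All function names, the seed and the sample states are assumptions made for this example; the code itself works for any $n$ and $m$.

```python
# Toy sigma-LFSR over GF(2): n words of m bits, each feedback coefficient C[i] an m x m
# GF(2) matrix stored as m row-ints. Names, sizes and seed-driven sampling are constructed.
import random

def gf2_matvec(M, v):
    """Multiply an m x m GF(2) matrix (rows as ints) by an m-bit word."""
    return sum((bin(row & v).count("1") & 1) << r for r, row in enumerate(M))

def sigma_lfsr_step(state, C):
    """s_{t+n} = C_0 s_t + C_1 s_{t+1} + ... + C_{n-1} s_{t+n-1} over GF(2)^m."""
    new = 0
    for Ci, si in zip(C, state):
        new ^= gf2_matvec(Ci, si)
    return state[1:] + [new]

def output_bits(state, C, count, bit=0):
    """Bit `bit` of the oldest state word over `count` consecutive clocks."""
    out = []
    for _ in range(count):
        out.append((state[0] >> bit) & 1)
        state = sigma_lfsr_step(state, C)
    return out

def berlekamp_massey(bits):
    """Shortest GF(2) LFSR for `bits`: (connection polynomial, bit i = coeff of x^i; L)."""
    C, B, L, m = 1, 1, 0, 1
    for n, s in enumerate(bits):
        d = s                                      # discrepancy s_n + sum c_i s_{n-i}
        for i in range(1, L + 1):
            if C >> i & 1:
                d ^= bits[n - i]
        if d:
            C, T = C ^ (B << m), C
            if 2 * L <= n:
                L, B, m = n + 1 - L, T, 0
        m += 1
    return C, L

def reciprocal(C, L):
    """Characteristic polynomial x^L * C(1/x) of a connection polynomial of degree <= L."""
    return int(format(C & ((2 << L) - 1), f"0{L + 1}b")[::-1], 2)

def gf2_mulmod(a, b, p, d):
    """a * b modulo the degree-d polynomial p in GF(2)[x]; a and b already reduced."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b, a = b >> 1, a << 1
        if a >> d & 1:
            a ^= p
    return r

def gf2_powmod(base, e, p, d):
    r = 1
    while e:
        if e & 1:
            r = gf2_mulmod(r, base, p, d)
        base, e = gf2_mulmod(base, base, p, d), e >> 1
    return r

def prime_factors(n):
    """Distinct prime factors of n by trial division (n is at most 2^16 - 1 here)."""
    factors, q = [], 2
    while q * q <= n:
        while n % q == 0:
            factors.append(q)
            n //= q
        q += 1
    return sorted(set(factors + ([n] if n > 1 else [])))

def is_primitive(p, d):
    """Primitive of degree d iff x has order 2^d - 1 mod p (impossible for reducible p)."""
    if p >> d != 1 or not p & 1:
        return False
    order = (1 << d) - 1                           # the int 2 encodes the polynomial x
    return gf2_powmod(2, order, p, d) == 1 and all(
        gf2_powmod(2, order // q, p, d) != 1 for q in prime_factors(order))

def characteristic_polynomial(C, n, m):
    """Minimal polynomial of one internal bit sequence; it is the GF(2) characteristic
    polynomial of the nm x nm transition matrix whenever the returned L equals nm."""
    conn, L = berlekamp_massey(output_bits([1] + [0] * (n - 1), C, 2 * n * m))
    return reciprocal(conn, L), L

def recurrence_holds(poly, d, bits):
    """GF(2) feedback equation implied by poly: s_{t+d} = XOR of s_{t+j} over j < d, p_j = 1."""
    taps = [j for j in range(d) if poly >> j & 1]
    return all((sum(bits[t + j] for j in taps) & 1) == bits[t + d]
               for t in range(len(bits) - d))

def find_primitive_config(seed, n, m, max_tries=5000):
    """Resample seed-derived feedback matrices until the characteristic polynomial is primitive."""
    rng = random.Random(seed)
    for tries in range(1, max_tries + 1):
        C = [[rng.getrandbits(m) for _ in range(m)] for _ in range(n)]
        poly, L = characteristic_polynomial(C, n, m)
        if L == n * m and is_primitive(poly, n * m):
            return C, poly, tries
    raise RuntimeError("no primitive configuration found")
```

`find_primitive_config(seed=2024, n=4, m=4)` returns the configuration, its characteristic polynomial and the number of samples needed. The check `L == n * m` is what lets `characteristic_polynomial` identify the minimal polynomial of one bit sequence with the characteristic polynomial of the whole transition matrix: the minimal polynomial always divides the characteristic polynomial, so equal degree forces equality, and a primitive (hence irreducible) characteristic polynomial gives every nonzero bit sequence full linear complexity. `recurrence_holds` then shows the bitwise consequence the abstract warns about: once that polynomial is public, a degree-$nm$ recurrence over $GF(2)$ predicts every further bit of any internal bit sequence, whatever the word size of the cipher.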