Entering PIN without confirmation, part 2

20.06.2009 19:44

In my last post I was trying to figure out an optimal strategy for guessing a combination for a lock that only checks the last m symbols entered.

It turned out my venture into the graph theory was a bit of a dead end. As Luka Rahne pointed out to me (on Facebook, no less), there's a different branch of mathematics that offers a much better approach to this problem and even has a connection to my home field of electronics.

Linear feedback shift registers are actually direct solutions to such a problem, albeit only if you limit yourself to two characters (n = 2). These are digital circuits that will generate all 2m-1 different sequences of length m in a shift register (i.e. for each step they insert a single digit at the beginning of the register and drop one at the end). Exception is the state that contains all zeroes, but that is easy to correct with a special case.

It turns out that there exists a generalization of the LFSR for n states. Basically you replace the XOR operations in the feedback loops with arithmetic multiplication and addition modulo n. There is quite a bit of theory behind, of course, but I had trouble finding a higher-level description of it on the internet. A great deal also appears to be patented judging by the ratio of patents that came up in the search.

Just like with ordinary LFSRs, where you need to find the correct locations of the feedback taps, you need to find the correct set of m+1 multiplicative constants in order to get the maximum length sequence (or M-sequence) out of it. This is not really straightforward, as it involves finding a primitive polynomial for the finite (Galois) field GF(nm). Luka posted his Mathematica code to calculate the polynomial's coefficients, but I found it easier to use COS.

Diagram of a non-binary Galois LFSR

Here Si are memory cells holding register states and aj are coefficients of the polynomial:

a_4 x^4 + a_3 x^3 + a_2 x^2 + a_1 x + a_0

My knowledge of this field is a bit superficial and I don't completely understand the connection between this polynomial and the fact that its coefficients will produce the M-sequence. I admit I only skimmed the most interesting parts of an introductory book yesterday. Even my curiosity has limits.

There was only one obstacle left: a finite field only exists for prime characterics n, which means that you can't get a M-sequence for, say, 10 symbols directly. The answer is to factor n and produce a M-sequence for each prime factor (2 and 5 for 10 symbols). You then run two sequences in parallel and assign a symbol to each unique ordered pair you get in this way. So for ordered pairs where the first element can have one of 2 different values and the second element can have one of 5, you get 10 different pairs.

It's easy to show that two sequences ran in parallel with periods

n_1^m \qquad \mathrm{and} \qquad n_2^m

have a composite period of

(n_1 n_2)^m

if n1 and n2 are prime.


So, the final result, a sequence of 10003 keypresses that checks all 4-digit combinations, is below. C code that calculated it and checked for its correctness is here if anyone wants to play with it.

00007559254372858084599981873643682873396507388560205737258390890406577109057085
84407755656998452440953103431203840871976305548700449533810790452084777529615001
28865995256970698666717343853647244639134769304182425975616718038220171921697881
22883937678958816840159505057807206235198963108968447113618950692228573181015663
86685937212772232024957943835883460493374181748586283133070574410206513727615467
46423377876136810868191927035025480677350167368920043177812754478240711183257227
86425153254550496826957587659209644291712969724740441319298114038042533189239285
44227331436116270606531581499603224811334367500940227153898374812000175583453629
48085599890972652682973387417289460215736349380980407577018156094844177547479885
42441953012530212840971967215449600459532901780542085777438714010288759943479607
88667717252952656244739125679205082435974707708128221171830796890228939367699489
06841159414156816206335189873009868457112709940782229573090114672866959363037623
22025957852934892460593365091649486293132161564500207513636714476464333769671269
00869191836134034480777341077269820053176903744568241711092356236864351523455405
86827957496758218644391703879625640451318389104128043533098338294442373305271063
60607531490598612224911325277401840237152989364902001175492552638480955989819627
42683973296516298460315727259281880417576109146184845177456578894424519521035203
02841971876314458600559523811681442095776529704100289759852578616886777163439427
46245739034778214082535965617609028231170921786980229939276798498068511585051469
06207335098972018868557103619841682239572181104762867959272136632220359569439249
82461593274190658486393123071465400217512727704566465333678770278008791909271241
24481777250176278820153167813645468251710183346326865351432554414868379565877483
08645391612978634640551309299005028053532189328384443373214370072606175305815887
02225911234376410840337143899265802011174583542728481955898918636426939723875063
88461315636358290880517567019047084855176547568984425519430134212028519709673045
48601559432910690442195767439605000299758943568706887777072538436462557381257683
04083535874716618028331161831687880239938367788588069511494150478062173341899621
08869557012718850682339563091005662877958363126722221359478538258824715923651807
48487393032170474400317503637605466475332769760368009791818370250244917763411663
68821153076912654468351701093247226875350523544504869379474976492086553907039687
24641551218398014028153523099229284453372305360162607175214914896022359103253665
00841337052998274802111165493443628491954989908726427939632974072884713147273483
80881517476118056084955167457469884435518521124302029519618772054486115585239007
80443195676538614000399749853469606897776163528526463557290356692040935349657067
08029331070930696880339929277689488079510585140568063173250998630088795561037089
40683339472190014662977949273027622231358569528348825715832750816484973921231605
64401317412736614466575323679661268019790909360340245917672510672688311521679027
44469351610192256226975341433445404879378565966582087553816138696246515503093881
04029153432198238284553363215261062617174305904986023359012352674008513361439883
64803111074592452628591945899809626437938723964162885713056372492808915165671081
46085955076556478884535509431025202039518709762144487115494338016804531947675287
04001399658952478606997767073429426473556381346782041935258756076080393301619207
86881339838376698488179501495041468073172341988720089795470136098406933385631801
04663977858372036622331349479429248835714923740906485973830330614644113165037267
04467575232778670268119781819261240255916763500762689311430778036444793507011823
46227975250532454404979369475867482097552907128786247515412192890040391525231883
28285553272314270062717165215805886033358103342764009513270538892648131101655825
42629591854998818626537929633865062895712147362582809915074770090460959541675465
68885535418530034202139509619663044497114585328106805531856774296040113987499425
68607997676172438426573547291247682051934349746166081393210718216868913389293667
88489179410594050468173163251889620099794561126188407933294730810046739769493621
26623331258578438248935705833641806495972921320704645113074136276044775743237687
60269119690918270240355907673401662699310521768126445793416110832462379743415225
44405979278574876482197543817029686257514503182980041391434330892282955523633043
60063717074314814886133349013243664019512361528982649131010754834426395909459889
08627537838732874062995703057263482819914165760180461959450774474688955345095201
24203139418718672044597105495229006815530947764386041113896598434686179967671625
28427573456390256682151925259647066091392301708306869913298392676884991785015841
40469173072350898620199785471027088417932385720900047739678592630266333303495685
28249935614932650806595963831221604655112165126366045775652336696602791187819083
60241355816772410662799301431669026455792507100922463379652514234444159783695649
66483197452916038686357505413083880051390525320982283955432732052600737161653049
04887133258112252664119503271429882659130101744924427395818558898086375369297229
64063995612156272482919905075661080471958541764564689955254194210242131385097087
62045597014594238006915521857665286051112987588524687179876770634284375725473803
46683151834358656066191383211609206879912389382766885991694114850404791721633409
88621199694570036088517923295621800057738769582720267333212594694282599347059227
40807595872930230604755103075027266055774743326786603791096918092602513549077625
00663799210530678026555783417001822473378743504324445159692794658664931965439061
28687357414512092880151381435221882293954523722142601737070752058048971323491023
42665119412370438882759121011645824437394909548988087375278396238640739947031463
62483919814174670080571949451665464699954345184300243131294196096620555961055843
28007915430956674286151103897489424697178967760724285375634572812466931509253487
46067191292310618206979903299283666895990785104940405791630732418886311987855601
26089517832394630800157729679483620277332303584784283599256158236408175949639203
20605755012174036266155765653227686613790187908182603513458176634006737983015207
68027555692516010822573369653405224455158783784748665931874538070286973565055021
82881151290534230882393945433623042611736161742148049971232590032426751185033605
28883759030110654824537385819449888097374369386328641739856130472624939189051647
60081571858550674464799945255085200253130385186186621555870154852280179145219467
64287151012996498424797169877661624295374725562902467931418352496460771903833007
08207979812398292666995981695005840415790721722508887311896954610260995169233847
20801157638778492620377323213485684293598347148326409175858738212206157541031641
26267155674752236686713781097809082613512549166724007737892114216680375547835061
00823573278752414224555149693685648675930965528160287973474154030828911503815243
20883393854532632042711727071643048059970323580122427751094132614288937581211007
44825537294918458888197365279287228651738947120562625939098150656600915709495407
64465799854354094200353121295087086631554961144942281179054318476642971501039865
88425797078976670624395365635463802477930509342586461771812932016082179789033883
82667995890794014840515781631623408897310987944700261995078332856208111567297685
82621377232312494684393589257049226419174949728302207157450130650262771547657423
26687713690196818082713503459067624017736983104306681375456934070008335723697425
04225555058792694648775921875429060297972565144120829911412914252208933929455227
22043711636170652048159961233481022437750185122704289937490310016448355363859085
48889197274378296228751729857021462635938189140746601915618594416644757989453441
84201353030394096086731545871045842291178145308566643971410138874884357961699667
60625395274734472802577921419243486471770903922106083179698132892826779949817841
04841515690730632408997301897845600271994169322946209111476396694826313763233025
84685393498356058226519165859629202217156541120740263771456756432266977127811869
08083713412558076624117727893005206691374547924160009335632796434042355541497827
84649775830974438060397963475045020839910503904342209933838554236220537107271607
42049159870332490022537741095023604299936581300106449355272958094488991963653683
86229751638956030462735929099041646611914709584506645757898552450842113521213841
86087731454970054842391169055209466653970501128964885357870798676606353943657245
62803577830518252486571761813823006093178789122982827779858916850048515147817207
22409997210996854600371985079223846219110567386784827313672332034846953925893461
48227519074958638202317147451021640273770547746522267977036910878080937125035481
66625117636992014206791365457825060019334723786524043355450596836846597749219645
28061397872574054020939901413805242219932929544326221537016370616420591589613225
80023537650194032604399927491201006459354363948184489991872752692862397507299461
20463735838198050646711905619485406655756989542540843113430312850860977305459601
44843391078154218466753961411029864895356961788766607353852756254628135769215083
42487571670912832006193169699023882837778949906940049515056916216224199963019869
44601371894178232846319101477287684837312763322124847953834992470482375181659487
28203317056550030640373761457647422277976127900968081937034134490666351167279821
04207791274556834060119325633687424053354541586926847597658318654280713969635641
44021939810512814242319923839445226231536107360706421591498712234800335367411841
22605399836590210006559345273849084499990963742782863397416398470204737349291881
40647711814718494406755747899443440853112521302940861977214558610448533901691443
08467753870510038864995347871689666617352943746344629135678314092424975707619029
22007193078798032882937769859807840059514147906306225199872118878446113709851683
22847319010576296684937303673223024857952925982560483375090758496282133161475401
20641373670556656422377967037801868091936125124580667351076378830042177903655469
24061119234732696424153345451487826857596749308744281713878734650440319389015029
04243319832938454226331527017261606431590589702324801335276510850226153989275803
000

In conclusion, it turned out that there is quite a lot more than one way optimal way to guess the combination (as each finite field has multiple primitive polynomials and each polynomial yields an unique M-sequence). Still, you won't hack into a beer store anytime soon with this, as any practical implementation surely locks you out after some number of tries or adds an delay.

Posted by Tomaž | Categories: Ideas

Comments

"...Still, you won't hack into a beer store anytime soon with this..."
:[ no happy ending

Posted by David Potočnik (via Facebook)

Hey does COS page generate polynomial over GF(13^100) ?
i got this one:
3+8 x+4 x^2+5 x^3+6 x^4+11 x^5+7 x^7+4 x^8+11 x^9+9 x^11+7 x^12+10 x^13+9 x^14+3 x^16+6 x^17+7 x^18+9 x^19+6 x^20+5 x^21+3 x^22+4 x^23+9 x^25+6 x^26+x^28+5 x^29+5 x^31+12 x^32+5 x^33+9 x^34+6 x^35+6 x^36+4 x^37+3 x^38+10 x^39+9 x^40+10 x^42+9 x^43+12 x^44+9 x^45+9 x^46+12 x^48+3 x^49+8 x^50+9 x^51+x^52+9 x^53+6 x^54+5 x^55+4 x^56+4 x^58+x^59+9 x^60+2 x^61+7 x^64+10 x^65+11 x^66+9 x^67+8 x^68+6 x^69+2 x^70+2 x^71+12 x^72+5 x^73+5 x^74+12 x^75+10 x^76+10 x^77+5 x^78+8 x^79+8 x^80+9 x^81+3 x^82+3 x^83+10 x^84+6 x^85+x^87+12 x^90+10 x^91+5 x^92+10 x^93+8 x^94+8 x^95+3 x^96+2 x^97+8 x^98+9 x^99+x^100
That mean that insted of trying 13^101 combinations, you have only 13^100+12 (if this isnt interesting for you it is for Bruce Schneier)

Well I also found book about generating such polynomials http://www.1stworks.com/ref/RuskeyCombGen.pdf . There is heavy theory behind such polynomials but they are defined as generators of GF. Which means that from its definition you can induce ints proprety in LFSR.

Posted by Luka Rahne

Add a new comment


(No HTML tags allowed. Separate paragraphs with a blank line.)