The shrinking generator uses two linear-feedback shift registers. One, called the A sequence, generates output bits, while the other, called the S sequence, controls their output. Both A and S are clocked; if the S bit is 1, then the A bit is output; if the S bit is 0, the A bit is discarded, nothing is output, and the registers are clocked again. This has the disadvantage that the generator's output rate varies irregularly, and in a way that hints at the state of S; this problem can be overcome by buffering the output. The sequence generated by an LFSR cannot by itself guarantee unpredictability in a secure system, and various methods have been proposed to improve its randomness.[2]
Despite this simplicity, there are currently no known attacks better than exhaustive search when the feedback polynomials are secret. If the feedback polynomials are known, however, the best known attack requires less than A • S bits of output.[3]
This example uses two Galois LFSRs to produce the output pseudorandom bitstream. The Python code can be used to encrypt and decrypt a file or any bytestream.
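A sketch of such a generator in Python, added here as an illustration; it is not the code that originally accompanied this text. The register sizes (17 and 16 bits), the feedback masks `0x12000` and `0xB400`, the seeds and all function names are assumptions chosen for the example.

```python
class GaloisLFSR:
    """Right-shifting Galois LFSR; `taps` is the feedback mask."""

    def __init__(self, nbits, taps, seed):
        self.taps = taps
        self.state = seed & ((1 << nbits) - 1)
        if self.state == 0:
            raise ValueError("an all-zero state never leaves zero")

    def clock(self):
        bit = self.state & 1          # output bit is the low bit
        self.state >>= 1
        if bit:                       # feedback applied only when a 1 falls out
            self.state ^= self.taps
        return bit


def shrinking_bits(a, s):
    """Clock A and S together; emit the A bit only when the S bit is 1."""
    while True:
        a_bit, s_bit = a.clock(), s.clock()
        if s_bit:
            yield a_bit               # S bit 0: A bit is discarded


def keystream(seed_a, seed_s, nbytes):
    # Sizes and masks below are sample values assumed for this example.
    a = GaloisLFSR(17, 0x12000, seed_a)
    s = GaloisLFSR(16, 0xB400, seed_s)
    bits = shrinking_bits(a, s)
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _bit in range(8):         # buffer kept bits into whole bytes
            byte = (byte << 1) | next(bits)
        out.append(byte)
    return bytes(out)


def crypt(data, seed_a, seed_s):
    """XOR with the keystream; the same call encrypts and decrypts."""
    ks = keystream(seed_a, seed_s, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


if __name__ == "__main__":
    msg = b"constructed sample plaintext"
    ct = crypt(msg, 0x1ACE1, 0xBEEF)
    print(ct.hex(), crypt(ct, 0x1ACE1, 0xBEEF))
```

Collecting the kept bits into bytes before returning them is the buffering step mentioned above: the caller sees whole bytes, not the irregular rate at which individual bits are produced.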
D. Coppersmith, H. Krawczyk, and Y. Mansour, “The shrinking generator,” in CRYPTO ’93: Proceedings of the 13th annual international cryptology conference on Advances in cryptology, (New York, NY, USA), pp. 22–39, Springer-Verlag New York, Inc., 1994.