密码学题目 - LFSR流密码破译

设一个流密码算法使用了一个GF(2)上的8级线性反馈移位寄存器作为密钥流生成器，已知明文0110000101101100的密文为1011010000010011，试破译该密码算法。

解密过程：使用线性反馈移位寄存器（LFSR）破译流密码

已知条件

• 明文：$\text{01100001 01101100}$
• 密文：$\text{10110100 00010011}$

根据流密码的工作原理，密文是通过明文和密钥流进行按位异或生成的。因此，密钥流可以通过明文和密文进行异或恢复：

$$\text{密钥流} = \text{明文} \oplus \text{密文}$$

计算密钥流

第一部分：

$$01100001 \oplus 10110100 = 11010101$$

第二部分：

$$01101100 \oplus 00010011 = 01111111$$

因此，密钥流为：

$$\text{11010101 01111111}$$

构造LFSR的状态

LFSR状态可以表示为一个矩阵形式，通过线性方程组来恢复状态。

已知初始状态$s_0$ 到$s_7$：

$$s_0 = 1, s_1 = 1, s_2 = 0, s_3 = 1, s_4 = 0, s_5 = 1, s_6 = 0, s_7 = 1$$ $$s_{i+8} = c_0 s_{i+7} \oplus c_1 s_{i+6} \oplus c_2 s_{i+5} \oplus \cdots \oplus c_7 s_{i}$$

根据已知密钥流，建立方程组：

$$\begin{cases} s_8 = c_0 s_7 \oplus c_1 s_6 \oplus c_2 s_5 \oplus c_3 s_4 \oplus c_4 s_3 \oplus c_5 s_2 \oplus c_6 s_1 \oplus c_7 s_0 \\ s_9 = c_0 s_8 \oplus c_1 s_7 \oplus c_2 s_6 \oplus c_3 s_5 \oplus c_4 s_4 \oplus c_5 s_3 \oplus c_6 s_2 \oplus c_7 s_1 \\ \vdots \\ s_{15} = c_0 s_{14} \oplus c_1 s_{13} \oplus c_2 s_{12} \oplus c_3 s_{11} \oplus c_4 s_{10} \oplus c_5 s_9 \oplus c_6 s_8 \oplus c_7 s_7 \end{cases}$$

确定反馈系数$c_0, c_1, \ldots, c_7$

构造矩阵方程：

$$\begin{pmatrix} c_7 & c_6 & c_5 & c_4 & c_3 & c_2 & c_1 & c_0 \end{pmatrix} \begin{pmatrix} s_0 & s_1 & s_2 & s_3 & s_4 & s_5 & s_6 & s_7 \\ s_1 & s_2 & s_3 & s_4 & s_5 & s_6 & s_7 & s_8 \\ s_2 & s_3 & s_4 & s_5 & s_6 & s_7 & s_8 & s_9 \\ s_3 & s_4 & s_5 & s_6 & s_7 & s_8 & s_9 & s_{10} \\ s_4 & s_5 & s_6 & s_7 & s_8 & s_9 & s_{10} & s_{11} \\ s_5 & s_6 & s_7 & s_8 & s_9 & s_{10} & s_{11} & s_{12} \\ s_6 & s_7 & s_8 & s_9 & s_{10} & s_{11} & s_{12} & s_{13} \\ s_7 & s_8 & s_9 & s_{10} & s_{11} & s_{12} & s_{13} & s_{14} \end{pmatrix} = \begin{pmatrix} s_{15} & s_{14} & s_{13} & s_{12} & s_{11} & s_{10} & s_{9} &s_{8} \end{pmatrix}$$

将已知密钥流代入：

$$\begin{pmatrix} s_0 & s_1 & s_2 & s_3 & s_4 & s_5 & s_6 & s_7 \\ s_1 & s_2 & s_3 & s_4 & s_5 & s_6 & s_7 & s_8 \\ s_2 & s_3 & s_4 & s_5 & s_6 & s_7 & s_8 & s_9 \\ s_3 & s_4 & s_5 & s_6 & s_7 & s_8 & s_9 & s_{10} \\ s_4 & s_5 & s_6 & s_7 & s_8 & s_9 & s_{10} & s_{11} \\ s_5 & s_6 & s_7 & s_8 & s_9 & s_{10} & s_{11} & s_{12} \\ s_6 & s_7 & s_8 & s_9 & s_{10} & s_{11} & s_{12} & s_{13} \\ s_7 & s_8 & s_9 & s_{10} & s_{11} & s_{12} & s_{13} & s_{14} \end{pmatrix} \begin{pmatrix} c_7 \\ c_6 \\ c_5 \\ c_4 \\ c_3 \\ c_2 \\ c_1 \\ c_0 \end{pmatrix} = \begin{pmatrix} s_8 \\ s_9 \\ s_{10} \\ s_{11} \\ s_{12} \\ s_{13} \\ s_{14} \\ s_{15} \end{pmatrix}$$ $$\begin{pmatrix} 1 & 1 & 0 & 1 & 0 & 1 & 0 & 1 \\ 1 & 0 & 1 & 0 & 1 & 0 & 1 & 0 \\ 0 & 1 & 0 & 1 & 0 & 1 & 0 & 1 \\ 1 & 0 & 1 & 0 & 1 & 0 & 1 & 1 \\ 0 & 1 & 0 & 1 & 0 & 1 & 1 & 1 \\ 1 & 0 & 1 & 0 & 1 & 1 & 1 & 1 \\ 0 & 1 & 0 & 1 & 1 & 1 & 1 & 1 \\ 1 & 0 & 1 & 1 & 1 & 1 & 1 & 1 \end{pmatrix} \begin{pmatrix} c_7 \\ c_6 \\ c_5 \\ c_4 \\ c_3 \\ c_2 \\ c_1 \\ c_0 \end{pmatrix} = \begin{pmatrix} 0 \\ 1 \\ 1 \\ 1 \\ 1 \\ 1 \\ 1 \\ 1 \end{pmatrix}$$

求解此线性方程组可以得到反馈系数$c_0, c_1, \ldots, c_7$。

增广矩阵

我们将矩阵方程写成增广矩阵的形式：

$$\left(\begin{array}{cccccccc|c} 1 & 1 & 0 & 1 & 0 & 1 & 0 & 1 & 0 \\ 1 & 0 & 1 & 0 & 1 & 0 & 1 & 0 & 1 \\ 0 & 1 & 0 & 1 & 0 & 1 & 0 & 1 & 1 \\ 1 & 0 & 1 & 0 & 1 & 0 & 1 & 1 & 1 \\ 0 & 1 & 0 & 1 & 0 & 1 & 1 & 1 & 1 \\ 1 & 0 & 1 & 0 & 1 & 1 & 1 & 1 & 1 \\ 0 & 1 & 0 & 1 & 1 & 1 & 1 & 1 & 1 \\ 1 & 0 & 1 & 1 & 1 & 1 & 1 & 1 & 1 \end{array}\right)$$

高斯消元法步骤

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	1	0	1	0	1	0	1	1
2	1	0	1	0	1	0	1	0	1
3	0	1	0	1	0	1	0	1	1
4	1	0	1	0	1	0	1	1	1
5	0	1	0	1	0	1	1	1	1
6	1	0	1	0	1	1	1	1	1
7	0	1	0	1	1	1	1	1	1
8	1	0	1	1	1	1	1	1	0

尋找第1行第1列的主元

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	1	0	1	0	1	0	1	0
2	1	0	1	0	1	0	1	0	1
3	0	1	0	1	0	1	0	1	1
4	1	0	1	0	1	0	1	1	1
5	0	1	0	1	0	1	1	1	1
6	1	0	1	0	1	1	1	1	1
7	0	1	0	1	1	1	1	1	1
8	1	0	1	1	1	1	1	1	1

将第1行减去第2

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	1	0	1	0	1	0	1	0
2	0	-1	1	-1	1	-1	1	-1	1
3	0	1	0	1	0	1	0	1	1
4	1	0	1	0	1	0	1	1	1
5	0	1	0	1	0	1	1	1	1
6	1	0	1	0	1	1	1	1	1
7	0	1	0	1	1	1	1	1	1
8	1	0	1	1	1	1	1	1	1

将第1行减去第4

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	1	0	1	0	1	0	1	0
2	0	-1	1	-1	1	-1	1	-1	1
3	0	1	0	1	0	1	0	1	1
4	0	-1	1	-1	1	-1	1	0	1
5	0	1	0	1	0	1	1	1	1
6	1	0	1	0	1	1	1	1	1
7	0	1	0	1	1	1	1	1	1
8	1	0	1	1	1	1	1	1	1

将第1行减去第6

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	1	0	1	0	1	0	1	0
2	0	-1	1	-1	1	-1	1	-1	1
3	0	1	0	1	0	1	0	1	1
4	0	-1	1	-1	1	-1	1	0	1
5	0	1	0	1	0	1	1	1	1
6	0	-1	1	-1	1	0	1	0	1
7	0	1	0	1	1	1	1	1	1
8	1	0	1	1	1	1	1	1	1

将第1行减去第8

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	1	0	1	0	1	0	1	0
2	0	-1	1	-1	1	-1	1	-1	1
3	0	1	0	1	0	1	0	1	1
4	0	-1	1	-1	1	-1	1	0	1
5	0	1	0	1	0	1	1	1	1
6	0	-1	1	-1	1	0	1	0	1
7	0	1	0	1	1	1	1	1	1
8	0	-1	1	0	1	0	1	0	1

尋找第2行第2列的主元（反轉全行的正負號）

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	1	0	1	0	1	0	1	0
2	0	1	-1	1	-1	1	-1	1	-1
3	0	1	0	1	0	1	0	1	1
4	0	-1	1	-1	1	-1	1	0	1
5	0	1	0	1	0	1	1	1	1
6	0	-1	1	-1	1	0	1	0	1
7	0	1	0	1	1	1	1	1	1
8	0	-1	1	0	1	0	1	0	1

将第2行减去第1

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	1	0	1	0	1	0	1
2	0	1	-1	1	-1	1	-1	1	-1
3	0	1	0	1	0	1	0	1	1
4	0	-1	1	-1	1	-1	1	0	1
5	0	1	0	1	0	1	1	1	1
6	0	-1	1	-1	1	0	1	0	1
7	0	1	0	1	1	1	1	1	1
8	0	-1	1	0	1	0	1	0	1

将第2行减去第3

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	1	0	1	0	1	0	1
2	0	1	-1	1	-1	1	-1	1	-1
3	0	0	1	0	1	0	1	0	2
4	0	-1	1	-1	1	-1	1	0	1
5	0	1	0	1	0	1	1	1	1
6	0	-1	1	-1	1	0	1	0	1
7	0	1	0	1	1	1	1	1	1
8	0	-1	1	0	1	0	1	0	1

将第2行乘以-1

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	1	0	1	0	1	0	1
2	0	-1	1	-1	1	-1	1	-1	1
3	0	0	1	0	1	0	1	0	2
4	0	-1	1	-1	1	-1	1	0	1
5	0	1	0	1	0	1	1	1	1
6	0	-1	1	-1	1	0	1	0	1
7	0	1	0	1	1	1	1	1	1
8	0	-1	1	0	1	0	1	0	1

将第2行减去第4

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	1	0	1	0	1	0	1
2	0	-1	1	-1	1	-1	1	-1	1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	1	0	1	0	1	1	1	1
6	0	-1	1	-1	1	0	1	0	1
7	0	1	0	1	1	1	1	1	1
8	0	-1	1	0	1	0	1	0	1

将第2行乘以-1

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	1	0	1	0	1	0	1
2	0	1	-1	1	-1	1	-1	1	-1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	1	0	1	0	1	1	1	1
6	0	-1	1	-1	1	0	1	0	1
7	0	1	0	1	1	1	1	1	1
8	0	-1	1	0	1	0	1	0	1

将第2行减去第5

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	1	0	1	0	1	0	1
2	0	1	-1	1	-1	1	-1	1	-1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	0	1	0	1	0	2	0	2
6	0	-1	1	-1	1	0	1	0	1
7	0	1	0	1	1	1	1	1	1
8	0	-1	1	0	1	0	1	0	1

将第2行乘以-1

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	1	0	1	0	1	0	1
2	0	-1	1	-1	1	-1	1	-1	1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	0	1	0	1	0	2	0	2
6	0	-1	1	-1	1	0	1	0	1
7	0	1	0	1	1	1	1	1	1
8	0	-1	1	0	1	0	1	0	1

将第2行减去第6

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	1	0	1	0	1	0	1
2	0	-1	1	-1	1	-1	1	-1	1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	0	1	0	1	0	2	0	2
6	0	0	0	0	0	1	0	1	0
7	0	1	0	1	1	1	1	1	1
8	0	-1	1	0	1	0	1	0	1

将第2行乘以-1

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	1	0	1	0	1	0	1
2	0	1	-1	1	-1	1	-1	1	-1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	0	1	0	1	0	2	0	2
6	0	0	0	0	0	1	0	1	0
7	0	1	0	1	1	1	1	1	1
8	0	-1	1	0	1	0	1	0	1

将第2行减去第7

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	1	0	1	0	1	0	1
2	0	1	-1	1	-1	1	-1	1	-1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	0	1	0	1	0	2	0	2
6	0	0	0	0	0	1	0	1	0
7	0	0	1	0	2	0	2	0	2
8	0	-1	1	0	1	0	1	0	1

将第2行乘以-1

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	1	0	1	0	1	0	1
2	0	-1	1	-1	1	-1	1	-1	1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	0	1	0	1	0	2	0	2
6	0	0	0	0	0	1	0	1	0
7	0	0	1	0	2	0	2	0	2
8	0	-1	1	0	1	0	1	0	1

将第2行减去第8行再还原

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	1	0	1	0	1	0	1
2	0	1	-1	1	-1	1	-1	1	-1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	0	1	0	1	0	2	0	2
6	0	0	0	0	0	1	0	1	0
7	0	0	1	0	2	0	2	0	2
8	0	0	0	1	0	1	0	1	0

尋找第3行第3列的主元

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	1	0	1	0	1	0	1
2	0	1	-1	1	-1	1	-1	1	-1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	0	1	0	1	0	2	0	2
6	0	0	0	0	0	1	0	1	0
7	0	0	1	0	2	0	2	0	2
8	0	0	0	1	0	1	0	1	0

将第3行减去第1

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	-1	1	-1	1	-1	1	-1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	0	1	0	1	0	2	0	2
6	0	0	0	0	0	1	0	1	0
7	0	0	1	0	2	0	2	0	2
8	0	0	0	1	0	1	0	1	0

将第3行乘以-1

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	-1	1	-1	1	-1	1	-1
3	0	0	-1	0	-1	0	-1	0	-2
4	0	0	0	0	0	0	0	1	0
5	0	0	1	0	1	0	2	0	2
6	0	0	0	0	0	1	0	1	0
7	0	0	1	0	2	0	2	0	2
8	0	0	0	1	0	1	0	1	0

将第3行减去第2

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	1	0	1	0	1	1
3	0	0	-1	0	-1	0	-1	0	-2
4	0	0	0	0	0	0	0	1	0
5	0	0	1	0	1	0	2	0	2
6	0	0	0	0	0	1	0	1	0
7	0	0	1	0	2	0	2	0	2
8	0	0	0	1	0	1	0	1	0

将第3行乘以-1

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	1	0	1	0	1	1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	0	1	0	1	0	2	0	2
6	0	0	0	0	0	1	0	1	0
7	0	0	1	0	2	0	2	0	2
8	0	0	0	1	0	1	0	1	0

将第3行减去第5

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	1	0	1	0	1	1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	0	0	0	0	0	1	0	0
6	0	0	0	0	0	1	0	1	0
7	0	0	1	0	2	0	2	0	2
8	0	0	0	1	0	1	0	1	0

将第3行减去第7

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	1	0	1	0	1	1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	0	0	0	0	1	0
5	0	0	0	0	0	0	1	0	0
6	0	0	0	0	0	1	0	1	0
7	0	0	0	0	1	0	1	0	0
8	0	0	0	1	0	1	0	1	0

尋找第4列的中心點,及對調第8行及第4行的位置

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	1	0	1	0	1	1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	1	0	1	0	1	0
5	0	0	0	0	0	0	1	0	0
6	0	0	0	0	0	1	0	1	0
7	0	0	0	0	1	0	1	0	0
8	0	0	0	0	0	0	0	1	0

将第4行减去第2

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	0	0	0	0	0	1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	1	0	1	0	1	0
5	0	0	0	0	0	0	1	0	0
6	0	0	0	0	0	1	0	1	0
7	0	0	0	0	1	0	1	0	0
8	0	0	0	0	0	0	0	1	0

尋找第5列的中心點,及對調第7行及第5行的位置

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	0	0	0	0	0	1
3	0	0	1	0	1	0	1	0	2
4	0	0	0	1	0	1	0	1	0
5	0	0	0	0	1	0	1	0	0
6	0	0	0	0	0	1	0	1	0
7	0	0	0	0	0	0	1	0	0
8	0	0	0	0	0	0	0	1	0

将第5行减去第3

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	0	0	0	0	0	1
3	0	0	1	0	0	0	0	0	2
4	0	0	0	1	0	1	0	1	0
5	0	0	0	0	1	0	1	0	0
6	0	0	0	0	0	1	0	1	0
7	0	0	0	0	0	0	1	0	0
8	0	0	0	0	0	0	0	1	0

尋找第6行第6列的主元

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	0	0	0	0	0	1
3	0	0	1	0	0	0	0	0	2
4	0	0	0	1	0	1	0	1	0
5	0	0	0	0	1	0	1	0	0
6	0	0	0	0	0	1	0	1	0
7	0	0	0	0	0	0	1	0	0
8	0	0	0	0	0	0	0	1	0

将第6行减去第4

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	0	0	0	0	0	1
3	0	0	1	0	0	0	0	0	2
4	0	0	0	1	0	0	0	0	0
5	0	0	0	0	1	0	1	0	0
6	0	0	0	0	0	1	0	1	0
7	0	0	0	0	0	0	1	0	0
8	0	0	0	0	0	0	0	1	0

尋找第7行第7列的主元

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	0	0	0	0	0	1
3	0	0	1	0	0	0	0	0	2
4	0	0	0	1	0	0	0	0	0
5	0	0	0	0	1	0	1	0	0
6	0	0	0	0	0	1	0	1	0
7	0	0	0	0	0	0	1	0	0
8	0	0	0	0	0	0	0	1	0

将第7行减去第5

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	0	0	0	0	0	1
3	0	0	1	0	0	0	0	0	2
4	0	0	0	1	0	0	0	0	0
5	0	0	0	0	1	0	0	0	0
6	0	0	0	0	0	1	0	1	0
7	0	0	0	0	0	0	1	0	0
8	0	0	0	0	0	0	0	1	0

尋找第8行第8列的主元

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	0	0	0	0	0	1
3	0	0	1	0	0	0	0	0	2
4	0	0	0	1	0	0	0	0	0
5	0	0	0	0	1	0	0	0	0
6	0	0	0	0	0	1	0	1	0
7	0	0	0	0	0	0	1	0	0
8	0	0	0	0	0	0	0	1	0

将第8行减去第6

	X1	X2	X3	X4	X5	X6	X7	X8	b
1	1	0	0	0	0	0	0	0	-1
2	0	1	0	0	0	0	0	0	1
3	0	0	1	0	0	0	0	0	2
4	0	0	0	1	0	0	0	0	0
5	0	0	0	0	1	0	0	0	0
6	0	0	0	0	0	1	0	0	0
7	0	0	0	0	0	0	1	0	0
8	0	0	0	0	0	0	0	1	0

解:

x8 = -1

x7 = 1

x6 = 2

x5 = 0

x4 = 0

x3 = 0

x2 = 0

x1 = 0

所以GF(2):

x8 = 1

x7 = 1

x6 = 0

x5 = 0

x4 = 0

x3 = 0

x2 = 0

x1 = 0

解方程组

可以看到，通过高斯消元法，已经将增广矩阵转换为上三角矩阵。接下来我们可以通过回代法求解：

1. 从最后一行开始，直接得到：

   $$c_7 = 1$$

2. 回代到第7行：

   $$c_6 = 1$$

3. 回代到第6行：

   $$c_5 = 0$$

4. 回代到第5行：

   $$c_4 = 0$$

5. 回代到第4行：

   $$c_3 = 0$$

6. 回代到第3行：

   $$c_2 = 0$$

7. 回代到第2行：

   $$c_1 = 0$$

8. 回代到第1行：

   $$c_0 = 0$$

最终得到反馈系数：

$$\begin{pmatrix} c_7 \\ c_6 \\ c_5 \\ c_4 \\ c_3 \\ c_2 \\ c_1 \\ c_0 \end{pmatrix} = \begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 0 \\ 0 \\ 0 \end{pmatrix}$$

验证和构造反馈系数

解得：

$$\begin{pmatrix} c_7 \\ c_6 \\ c_5 \\ c_4 \\ c_3 \\ c_2 \\ c_1 \\ c_0 \end{pmatrix} = \begin{pmatrix} 1 \\ 1 \\ 0 \\ 0 \\ 0 \\ 0 \\ 0 \\ 0 \end{pmatrix}$$

因此，反馈系数为：

$$s_{i+8} = s_i \oplus s_{i+1}$$

确认反馈函数

构造特征方程并验证初始密钥流和反馈函数：

$$s_{i+8} = s_{i+1} \oplus s_{i}$$

初始状态为$\text{11000000}$ 和反馈系数一起生成后续密钥流。

反馈函数为$f(a_1,a_2,a_3,a_4,a_5,a_6,a_7,a_8) \equiv (a_1+a_2) \mod{2}$

结论

通过明文和密文的异或运算，我们恢复了初始密钥流，并使用线性代数方法确定了反馈函数。使用该反馈函数，可以验证初始密钥流的正确性，从而确定正确的密钥生成过程。