Cryptanalysis of Grain
نویسندگان
چکیده
Grain [11] is a lightweight stream cipher proposed by M. Hell, T. Johansson, and W. Meier to the eSTREAM call for stream cipher proposals of the European project ECRYPT [5]. Its 160-bit internal state is divided into a LFSR and an NFSR of length 80 bits each. A filtering boolean function is used to derive each keystream bit from the internal state. By combining linear approximations of the feedback function of the NFSR and of the filtering function, it is possible to derive linear approximation equations involving the keystream and the LFSR initial state. We present a key recovery attack against Grain which requires 2 computations and 2 keystream bits to determine the 80-bit key.
منابع مشابه
Cryptanalysis of Grain using Time / Memory / Data Tradeoffs
Grain is a hardware-oriented stream cipher designed by Hell et al., which has been selected as one of three hardware portfolio ciphers by eSTREAM, the ECRYPT Stream Cipher Project. Time / memory / data tradeoffs are a class of generic attacks used to invert general one-way functions. We show that Grain has a low resistance to so-called BSWsampling, leading to generic tradeoffs that in the activ...
متن کاملA new method for accelerating impossible differential cryptanalysis and its application on LBlock
Impossible differential cryptanalysis, the extension of differential cryptanalysis, is one of the most efficient attacks against block ciphers. This cryptanalysis method has been applied to most of the block ciphers and has shown significant results. Using structures, key schedule considerations, early abort, and pre-computation are some common methods to reduce complexities of this attack. In ...
متن کاملImpossible Differential Cryptanalysis on Deoxys-BC-256
Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...
متن کاملCryptanalysis of Stream Cipher Grain Family
Grain v1 is one of the 7 final candidates of ECRYPT eStream project, which involves in the 80-bit secret key. Grain-128 is a variant version with 128-bit secret key, and Grain v0 is the original version in the first evaluation phase. Firstly, we describe a distinguishing attack against the Grain family with weak Key-IVs. Utilizing the second Walsh spectra of the nonlinear functions, we show tha...
متن کاملCryptanalysis of Hardware-Oriented Ciphers the Knapsack Generator, and SHA-1
Symmetric key cryptographic algorithms provide confidentiality, integrity, and authentication in modern communication systems. Our confidence in these algorithms is largely based on the fact that intense cryptanalysis has been carried out over several years without revealing any weakness. This thesis makes three independent contributions to the cryptanalysis of symmetric key primitives and hash...
متن کاملConditional Differential Cryptanalysis of NLFSR-Based Cryptosystems
Non-linear feedback shift registers are widely used in lightweight cryptographic primitives. For such constructions we propose a general analysis technique based on differential cryptanalysis. The essential idea is to identify conditions on the internal state to obtain a deterministic differential characteristic for a large number of rounds. Depending on whether these conditions involve public ...
متن کامل