Linear Sequential Circuit Approximation of Grain and Trivium Stream Ciphers
Authors
Abstract
Grain and Trivium are two hardware-oriented synchronous stream ciphers proposed as the simplest candidates to the ECRYPT Stream Cipher Project, both dealing with 80-bit secret keys. In this paper we apply the linear sequential circuit approximation method to evaluate the strength of these stream ciphers against distinguishing attacks. In this approximation method, which was initially introduced by Golic in 1994, linear models are effectively determined for autonomous finite-state machines. We derive linear functions of consecutive key-stream bits which hold with correlation coefficient of about 2 and 2 for Grain and Trivium ciphers, respectively. Then, using the concept of the so-called generating function, we turn them into linear functions with correlation coefficient of 2 for Grain and 2 for Trivium. This shows that the Grain output sequence can be distinguished from a purely random sequence, using about 2 bits of the output sequence with the same time complexity. However, our attempt fails to find a successful distinguisher for Trivium.
Similar resources
Linear Sequential Circuit Approximation of the TRIVIUM Stream Cipher
Abstract: TRIVIUM is the simplest ECRYPT Stream Cipher project Candidate which deals with key and IV of length 80. Using the sequential Circuit Approximation method, introduced by Golic in 94, we derive a linear function of consecutive keystream bits which holds with correlation coefficient of about 2. This shows that TRIVIUM is strong against linear sequential circuit approximation attack in ...
Chosen IV Statistical Analysis for Key Recovery Attacks on Stream Ciphers
A recent framework for chosen IV statistical distinguishing analysis of stream ciphers is exploited and formalized to provide new methods for key recovery attacks. As an application, a key recovery attack on simplified versions of two eSTREAM Phase 3 candidates is given: For Grain-128 with IV initialization reduced to up to 180 of its 256 iterations, and for Trivium with IV initialization reduc...
On the Hardness of Trivium and Grain with respect to Generic Time-Memory-Data Tradeoff Attacks
Time-Memory-Data tradeoff attacks (TMD-attacks) like those of Babbage [1], Biryukov and Shamir [2] and Dunkelman, Keller [5] reduce the security level of keystream-generator-based stream ciphers to L/2, where L denotes the inner state length. This is one of the reasons why stream ciphers like Trivium [3] and Grain [8] use a session key length n of at most L/2. In this paper, we deal with the qu...
Comparison of Low-Power Implementations of Trivium and Grain
This paper provides a comparison of the two stream cipher proposals Grain and Trivium which are candidates in the hardware focus phase of the eSTREAM project. We evaluate these algorithms concerning their feasibility to implement them for low-power applications in RFID systems. A triple of parameters which includes the chip area, the power consumption, and the number of clock cycles for encrypt...
IoT Security: Performance Evaluation of Grain, MICKEY, and Trivium - Lightweight Stream Ciphers
In this paper, we evaluate the software implementation of eSTREAM Profile II finalists (Grain, MICKEY, and Trivium) on a NodeMCU development kit 1.0 microcontroller. The NodeMCU is programmed by Arduino IDE to run a C++ code that awaits TCP communication over a WiFi network to encrypt or decrypt text using these lightweight stream ciphers. Throughput performance of the cipher implementations on...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2006, issue
Pages -
Publication date 2006