Fruit-v2: Ultra-Lightweight Stream Cipher with Shorter Internal State

A few lightweight stream ciphers were introduced for hardware applications in the eSTREAM project. In FSE 2015, while presenting a new idea (i.e. the design of stream ciphers with the shorter internal state by using a secret key, not only in the initialization but also in the keystream generation), Sprout was proposed. Unfortunately, Sprout is insecure. Because Grain-v1 is the lightest cipher in the portfolio of the eSTREAM project, we introduce Fruit-v2 as a successor of the Grain-v1 and Sprout. It is demonstrated that Fruit-v2 is safe and ultra-lightweight. The size of LFSR and NFSR in Fruit-v2 is only 80 bits (for 80-bit security level), while for resistance to the classical time-memory-data trade-off attack, the internal state size should be at least twice of the security level. To satisfy this rule and to design a concrete cipher, we used some new design ideas. The discussions are presented that Fruit-v2 can be more resistant than Grain-v1 to some attacks such as classical timememory-data trade-off. The main objective of this work is to show how it is possible to exploit a secret key in a design to achieve smaller area size. It is possible to redesign many of stream ciphers (by the new idea) and achieve significantly smaller area size.