Cryptanalysis of Full Sprout

Lallemand, Virginie; Naya-Plasencia, Maŕıa

doi:10.1007/978-3-662-47989-6_32

Cited by 35 publications

(28 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Merging the lists and dissection algorithm such as that for divide-and-conquer and rebound attacks find applications in ARMADILLO2 [1], ECHO256 [76], JH42 [77], Grstl [70], Klein, AES-like, Sprout [59], and Ketje. Among the popular algorithm specific attack schemes, such as for PRESENT, the most effective approach as been multiple linear attacks using Sieving, forward and backward computations [60].…”

Section: Cryptanalysis Methodsmentioning

confidence: 99%

An overview of memristive cryptography

James

2019

Eur. Phys. J. Spec. Top.

View full text Add to dashboard Cite

Smaller, smarter and faster edge devices in the Internet of things era demands secure data analysis and transmission under resource constraints of hardware architecture. Lightweight cryptography on edge hardware is an emerging topic that is essential to ensure data security in near-sensor computing systems such as mobiles, drones, smart cameras and wearables. In this article, the current state of memristive cryptography is placed in context of lightweight hardware cryptography. The paper provides a brief overview of the traditional hardware lightweight cryptography and cryptanalysis approaches. The contrast for memristive cryptography with respect to traditional approaches is evident through this article, and need to develop a more concrete approach to developing memristive cryptanalysis to test memristive cryptographic approaches is highlighted. a

show abstract

Section: Cryptanalysis Methodsmentioning

confidence: 99%

An overview of memristive cryptography

James

2019

Eur. Phys. J. Spec. Top.

View full text Add to dashboard Cite

show abstract

“…Since the notion of stream ciphers with keyed update function is a new topic in lightweight cryptography, the research on stream ciphers with keyed update function are made in the last few years. [9], [10], [11], [12], [13], [16] are some examples of them.…”

Section: Related Workmentioning

confidence: 99%

“…Kara and Esgin introduced a guess and determine attack combined with a divide and conquer attack on full Sprout [9]. Lallemand and Plasencia proposed a divide-andconquer attack for recovering the key bits of Sprout [10]. Kara and Esgin introduced generalized divide and conquer attack on stream ciphers with keyed update function.…”

Section: Related Workmentioning

confidence: 99%

“…They dened it as keystream generator with keyed update function. Sprout was broken after a short time by many researchers [9], [10], [11], [12], [13], so the designers of Sprout developed another algorithm, Plantlet [14] by xing the bugs and the weaknesses of Sprout. Plantlet has been in the literature for about 2 years and there has been no successful attack proposed…”

Section: List Of Figures Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Parametric Guess and Determine Attack on Stream Ciphers

Kara

Kucukkubas

2019

2019 IEEE 30th International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC Workshops)

View full text Add to dashboard Cite

The need for lightweight cryptography for resource-constrained devices gained a great importance due to the rapid evolution and usage of IoT devices in the world. Although it has been common in the cryptology community that stream ciphers are more ecient in speed and area than symmetric block ciphers, it has been seen in the last 10-15 years that most of ciphers designed for resource-constrained devices to take up less area and less energy on hardware-based platforms, such as ASIC or FPGA, are lightweight symmetric block ciphers.On the other hand, the design and analysis of stream ciphers using keyed internal update function is put forward against this belief and it has become one of the popular study subjects in the literature in the last few years. Plantlet, proposed in 2017, its predecessor Sprout, proposed in 2015 and Fruit proposed in 2016, are famous algorithms as instances of stream ciphers using keyed internal update function. Sprout was broken after a short time by many researchers but Plantlet hasn't been successfully broken yet and there has been only one attack mounted on Fruit since it was proposed.Traditionally, key stream generators of stream ciphers update their internal states only by using their current internal state. Since the use of the key in the internal update is a new approach, the security analysis of this approach is not fully understood. In this study, the security analysis of the key stream generators with keyed update function has been studied. A new attack algorithm for internal state recovery and key recovery has been developed and mounted on Plantlet algorithm as an instance of stream ciphers with keyed update function. The state bits and key bits are successfully recovered. In the second phase, the attack algorithm was mounted on Fruit algorithm and state bits and key bits are also recovered successfully.

show abstract

“…Unfortunately, a lot of attacks immediately broke this construction. A state recovery attack based on a guess and determine attack was first proposed in [39]. This attack was faster than exhaustive search by a factor of about 2 10 and had a memory complexity of 2 46 bits.…”

Section: Introductionmentioning

confidence: 99%

On Design of Robust Lightweight Stream Cipher with Short Internal State

Banik

Isobe

Morii

2018

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

SUMMARYThe stream cipher Sprout with a short internal state was proposed in FSE 2015. Although the construction guaranteed resistance to generic Time Memory Data Tradeoff attacks, there were some weaknesses in the design and the cipher was completely broken. In this paper we propose a family of stream ciphers LILLE in which the size of the internal state is half the size of the secret key. Our main goal is to develop robust lightweight stream cipher. To achieve it, our cipher based on the two-key Even Mansour construction and thus its security against key/state recovery attacks reduces to a well analyzed problem. We also prove that like Sprout, the construction is resistant to generic Time Memory Data Tradeoff attacks. Unlike Sprout, the construction of the cipher guarantees that there are no weak key-IV pairs which produce a keystream sequence with short period or which make the algebraic structure of the cipher weaker and easy to cryptanalyze. The reference implementations of all members of the LILLE family with standard cell libraries based on the STM 90nm and 65 nm processes were also found to be smaller than Grain v1 while security of LILLE family depend on reliable problem in the symmetric cryptography.

show abstract

Cryptanalysis of Full Sprout

Cited by 35 publications

References 23 publications

An overview of memristive cryptography

An overview of memristive cryptography

Parametric Guess and Determine Attack on Stream Ciphers

On Design of Robust Lightweight Stream Cipher with Short Internal State

Contact Info

Product

Resources

About