On Analysis of Lightweight Stream Ciphers with Keyed Update

Kara, Orhun; Esgin, Muhammed F.

doi:10.1109/tc.2018.2851239

Cited by 12 publications

(14 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since the notion of stream ciphers with keyed update function is a new topic in lightweight cryptography, the research on stream ciphers with keyed update function are made in the last few years. [9], [10], [11], [12], [13], [16] are some examples of them.…”

Section: Related Workmentioning

confidence: 99%

“…It is an internal state recovery attack and can be mounted if guess capacity of the cipher is greater than one-half [11]. Zhang and Gong introduced TMD tradeo attack developed by for stream ciphers having shorter internal states [12].…”

Section: Related Workmentioning

confidence: 99%

“…They dened it as keystream generator with keyed update function. Sprout was broken after a short time by many researchers [9], [10], [11], [12], [13], so the designers of Sprout developed another algorithm, Plantlet [14] by xing the bugs and the weaknesses of Sprout. Plantlet has been in the literature for about 2 years and there has been no successful attack proposed…”

Section: List Of Figures Introductionmentioning

confidence: 99%

“…The key bits are not always used in the internal state update function where feedback values can be determined or guessed without knowing the key bits for some of the internal states. Just after their attack on Sprout, they generalized the attack idea and introduced a new algorithm that can be successfully mounted on any keystream generator with keyed update function where the key bits are incorporated into the states during state update in a biased manner [11]. It may still be possible to guess the feedback value without knowing the key with an overwhelming probability.…”

Section: List Of Figures Introductionmentioning

confidence: 99%

“…In this study, we proposed a new generic internal state and key recovery attack for stream ciphers with keyed update function having guess capacity one-half and applied it on Plantlet and Fruit. We used the attack developed by Kara and Esgin [11] as the starting point. Their attack was applied to Sprout but could not be applied to Plantlet because of the round key function of Plantlet.…”

Section: List Of Figures Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Parametric Guess and Determine Attack on Stream Ciphers

Kara

Kucukkubas

2019

2019 IEEE 30th International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC Workshops)

Self Cite

View full text Add to dashboard Cite

The need for lightweight cryptography for resource-constrained devices gained a great importance due to the rapid evolution and usage of IoT devices in the world. Although it has been common in the cryptology community that stream ciphers are more ecient in speed and area than symmetric block ciphers, it has been seen in the last 10-15 years that most of ciphers designed for resource-constrained devices to take up less area and less energy on hardware-based platforms, such as ASIC or FPGA, are lightweight symmetric block ciphers.On the other hand, the design and analysis of stream ciphers using keyed internal update function is put forward against this belief and it has become one of the popular study subjects in the literature in the last few years. Plantlet, proposed in 2017, its predecessor Sprout, proposed in 2015 and Fruit proposed in 2016, are famous algorithms as instances of stream ciphers using keyed internal update function. Sprout was broken after a short time by many researchers but Plantlet hasn't been successfully broken yet and there has been only one attack mounted on Fruit since it was proposed.Traditionally, key stream generators of stream ciphers update their internal states only by using their current internal state. Since the use of the key in the internal update is a new approach, the security analysis of this approach is not fully understood. In this study, the security analysis of the key stream generators with keyed update function has been studied. A new attack algorithm for internal state recovery and key recovery has been developed and mounted on Plantlet algorithm as an instance of stream ciphers with keyed update function. The state bits and key bits are successfully recovered. In the second phase, the attack algorithm was mounted on Fruit algorithm and state bits and key bits are also recovered successfully.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: List Of Figures Introductionmentioning

confidence: 99%

Section: List Of Figures Introductionmentioning

confidence: 99%

Section: List Of Figures Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Parametric Guess and Determine Attack on Stream Ciphers

Kara

Kucukkubas

2019

2019 IEEE 30th International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC Workshops)

Self Cite

View full text Add to dashboard Cite

show abstract

Selected Design and Analysis Techniques for Contemporary Symmetric Encryption

Mikhalev

Mihaljević

Kara

et al. 2021

Security of Ubiquitous Computing Systems

View full text Add to dashboard Cite

In this chapter we provide an overview of selected methods for the design and analysis of symmetric encryption algorithms that have recently been published. We start by discussing the practical advantages, limitations and security of the keystream generators with keyed update functions which were proposed for reducing the area cost of stream ciphers. Then we present an approach to enhancing the security of certain encryption schemes by employing a universal homophonic coding and randomized encryption paradigm.

show abstract

Characterizing a Time–Memory Tradeoff Against PudgyTurtle

August¹,

Smith

2023

SN COMPUT. SCI.

View full text Add to dashboard Cite

PudgyTurtle is not a cipher, but rather an alternative way to utilize the keystream in binary-additive stream-cipher cryptosystems. Instead of modulo-2 adding the keystream to the plaintext, PudgyTurtle uses the keystream to encode 4-bit groups of plaintext, and then to encipher each codeword. One goal of PudgyTurtle is to make time–memory tradeoff attacks more difficult. Here, we investigate one such attack (a modification of the well-known Babbage–Golić method), and show that its time-complexity is harder on average than an analogous tradeoff attack against a standard binary-additive stream cipher; may approach that of a ’brute-force’ attack; can be reduced by certain parameter choices; and can be formulated in terms of a probability distribution which is amenable to simulation.

show abstract

On Analysis of Lightweight Stream Ciphers with Keyed Update

Cited by 12 publications

References 8 publications

Parametric Guess and Determine Attack on Stream Ciphers

Parametric Guess and Determine Attack on Stream Ciphers

Selected Design and Analysis Techniques for Contemporary Symmetric Encryption

Characterizing a Time–Memory Tradeoff Against PudgyTurtle

Contact Info

Product

Resources

About