Related Key Chosen IV Attack on Grain-128a Stream Cipher

Ding, Lin; Guan, Jie

doi:10.1109/tifs.2013.2256419

Cited by 21 publications

(10 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are weaknesses in the initialization procedure of all members of the Grain family [ 4 , 14 ] and Sprout [ 18 , 33 ]. Designers of Plantlet ruled out the related-key attacks.…”

Section: The Resistance To Known Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Fruit-80: A Secure Ultra-Lightweight Stream Cipher for Constrained Environments

Ghafari

2018

Entropy

View full text Add to dashboard Cite

In Fast Software Encryption (FSE) 2015, while presenting a new idea (i.e., the design of stream ciphers with the small internal state by using a secret key, not only in the initialization but also in the keystream generation), Sprout was proposed. Sprout was insecure and an improved version of Sprout was presented in FSE 2017. We introduced Fruit stream cipher informally in 2016 on the web page of IACR (eprint) and few cryptanalysis were published on it. Fortunately, the main structure of Fruit was resistant. Now, Fruit-80 is presented as a final version which is easier to implement and is secure. The size of LFSR and NFSR in Fruit-80 is only 80 bits (for 80-bit security level), while for resistance to the classical time-memory-data tradeoff (TMDTO) attacks, the internal state size should be at least twice that of the security level. To satisfy this rule and to design a concrete cipher, we used some new design ideas. It seems that the bottleneck of designing an ultra-lightweight stream cipher is TMDTO distinguishing attacks. A countermeasure was suggested, and another countermeasure is proposed here. Fruit-80 is better than other small-state stream ciphers in terms of the initialization speed and area size in hardware. It is possible to redesign many of the stream ciphers and achieve significantly smaller area size by using the new idea.

show abstract

“…There are weaknesses in the initialization procedure of all members of the Grain family [ 4 , 14 ] and Sprout [ 18 , 33 ]. Designers of Plantlet ruled out the related-key attacks.…”

Section: The Resistance To Known Attacksmentioning

confidence: 99%

“…Grain-128a was proposed in 2011 [ 12 ]. Although some attacks have been applied to Grain-128a [ 13 , 14 ], it is still good from the practical point of view.…”

Section: Introductionmentioning

confidence: 99%

Fruit-80: A Secure Ultra-Lightweight Stream Cipher for Constrained Environments

Ghafari

2018

Entropy

View full text Add to dashboard Cite

show abstract

“…These winners are HC-128 [8], Salsa20/12 [9], Rabbit [10] and SOSEMANUK [11] in profile 1 (software-oriented Ciphers) and Grain v1 [12], MICKEY 2.0 [13] and Trivium [14] in profile 2 (hardware oriented cipher). Even after these standardisation efforts, several weaknesses were found in these ciphers [15][16][17][18]. Therefore, it is necessary to make a large amount of effort toward the invention of new replacement schemes.…”

Section: Introductionmentioning

confidence: 99%

Security and performance analysis of SCDSP

Eljadi

Alshaikhli²

2016

IJPCC

View full text Add to dashboard Cite

There are few approaches that attempt to add dynamicity to the structure of stream ciphers in order to improve their security level. SCDSP is a dynamic stream cipher that based on these approaches. It uses dynamic structure and parameters to increase the complexity of the cipher to improve its security level. The dynamic parameters are specified using bits from the secret key. In this paper, SCDSP is evaluated by conducting a performance and security analysis. Furthermore, a comparison between SCDSP and the seven winners of eSTREAM competition is performed. The results show that SCDSP is very promising for practical use.

show abstract

“…In fact, the idea to exploit a weakness of an initialization algorithm by utilizing the slide property is not new, and has been applied to some stream ciphers, e.g. Grain v1 [26], [27], Grain-128a [28], [29], Decim v2 [30], RAKAPOSHI [31], [32]. These results show that the slide property is a very useful tool to evaluate the security of stream ciphers.…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis of Lightweight WG-8 Stream Cipher

Ding

Jin

Guan

et al. 2014

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

WG-8 is a new lightweight variant of the wellknown Welch-Gong (WG) stream cipher family, and takes an 80-bit secret key and an 80-bit initial vector (IV) as inputs. So far no attack on the WG-8 stream cipher has been published except the attacks by the designers. This paper shows that there exist Key-IV pairs for WG-8 that can generate keystreams, which are exact shifts of each other throughout the keystream generation. By exploiting this slide property, an effective key recovery attack on WG-8 in the related key setting is proposed, which has a time complexity of 2 53.32 and requires 2 52 chosen IVs. The attack is minimal in the sense that it only requires one related key. Furthermore, we present an efficient key recovery attack on WG-8 in the multiple related key setting. As confirmed by the experimental results, our attack recovers all 80 bits of WG-8 in <3 min on a PC with 2.5-GHz Intel Pentium 4 processor. This is the first time that a weakness is presented for WG-8, assuming that the attacker can obtain only a few dozen consecutive keystream bits for each IV. Finally, we give a new Key/IV loading proposal for WG-8, which takes an 80-bit secret key and a 64-bit IV as inputs. The new proposal keeps the basic structure of WG-8 and provides enough resistance against our related key attacks.Index Terms-Cryptanalysis, related key attack, WG-8, lightweight stream cipher.

show abstract

Related Key Chosen IV Attack on Grain-128a Stream Cipher

Cited by 21 publications

References 19 publications

Fruit-80: A Secure Ultra-Lightweight Stream Cipher for Constrained Environments

Fruit-80: A Secure Ultra-Lightweight Stream Cipher for Constrained Environments

Security and performance analysis of SCDSP

Cryptanalysis of Lightweight WG-8 Stream Cipher

Contact Info

Product

Resources

About