The Grain Family of Stream Ciphers

Hell, Martin; Johansson, Thomas; Maximov, Alexander; Meier, Willi

doi:10.1007/978-3-540-68351-3_14

Cited by 180 publications

(93 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…in the design of correlators for spread spectrum communication systems, randing systems, or radar systems. It will also be interesting to investigate if it can help us to construct a secure stream cipher which is smaller than the top stream ciphers such as Grain-128 [17] and Trivium [2]. Figure 6 shows a possible diagram in which the outputs of selected stages with the nonlinear update are passed to another nonlinear function, f N 2 , for creating a keystream.…”

Section: Resultsmentioning

confidence: 99%

A Scalable Method for Constructing Galois NLFSRs With Period $2^n-1$ Using Cross-Join Pairs

Dubrova

2013

IEEE Trans. Inform. Theory

View full text Add to dashboard Cite

Abstract. This paper presents a method for constructing n-stage Galois NLFSRs with period 2 n − 1 from n-stage maximum length LFSRs. We introduce nonlinearity into state cycles by adding a nonlinear Boolean function to the feedback polynomial of the LFSR. Each assignment of variables for which this function evaluates to 1 acts as a crossing point for the LFSR state cycle. By adding a copy of the same function to a later stage of the register, we cancel the effect of nonlinearity and join the state cycles back. The presented method requires no extra time steps and it has a smaller area overhead compared to the previous approaches based on cross-join pairs. It is feasible for large n. However, it has a number of limitations. One is that the resulting NLFSRs can have at most ⌊n/2⌋-1 stages with a nonlinear update. Another is that feedback functions depend only on state variables which are updated linearly. The latter implies that sequences generated by the presented method can also be generated using a nonlinear filter generator.

show abstract

Section: Resultsmentioning

confidence: 99%

A Scalable Method for Constructing Galois NLFSRs With Period $2^n-1$ Using Cross-Join Pairs

Dubrova

2013

IEEE Trans. Inform. Theory

View full text Add to dashboard Cite

show abstract

“…, n − 1}, i = j, is valid if for each a ∈ dep(m) and for b defined by (6) the following three conditions hold: If the values of more than one stage z are used to compute the output sequence (e.g. as in Grain [6], Trivium [7], or other filter generators), then the condition 3 should hold for each pair z and (z − 1) modulo n.…”

Section: Formal Descriptionmentioning

confidence: 99%

“…It makes possible to construct classes of shift registers which have structurally isomorphic state transition graphs and generate equivalent sets of output sequences. This is useful for optimizing the hardware performance of shift register-based stream ciphers [6][7][8][9][10] and hash functions [11]. We apply the presented transformation to Trivium [7] and show that it increases its keystream data rate by 27% without any penalty in area.…”

Section: Introductionmentioning

confidence: 99%

An Equivalence-Preserving Transformation of Shift Registers

Dubrova

2014

Sequences and Their Applications - SETA 2014

View full text Add to dashboard Cite

Abstract. The Fibonacci-to-Galois transformation is useful for reducing the propagation delay of feedback shift register-based stream ciphers and hash functions. In this paper, we extend it to handle Galois-to-Galois case as well as feedforward connections. This makes possible transforming Trivium stream cipher and increasing its keystream data rate by 27% without any penalty in area. The presented transformation might open new possibilities for cryptanalysis of Trivium, since it induces a class of stream ciphers which generate the same set of keystreams as Trivium, but have a different structure.

show abstract

“…During the last years several lightweight block ciphers, e.g., see [14,15], and stream ciphers [16,6,26,25,1,24] have been proposed. Stream ciphers usually allow for a higher throughput but require a larger area size compared to block ciphers.…”

Section: Introductionmentioning

confidence: 99%

On Lightweight Stream Ciphers with Shorter Internal States

Armknecht

Mikhalev

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. To be resistant against certain time-memory-data-tradeoff (TMDTO) attacks, a common rule of thumb says that the internal state size of a stream cipher should be at least twice the security parameter. As memory gates are usually the most area and power consuming components, this implies a sever limitation with respect to possible lightweight implementations. In this work, we revisit this rule. We argue that a simple shift in the established design paradigm, namely to involve the fixed secret key not only in the initialization process but in the keystream generation phase as well, enables stream ciphers with smaller area size for two reasons. First, it improves the resistance against the mentioned TMDTO attacks which allows to choose smaller state sizes. Second, one can make use of the fact that storing a fixed value (here: the key) requires less area size than realizing a register of the same length. We demonstrate the feasibility of this approach by describing and implementing a concrete stream cipher Sprout which uses significantly less area than comparable existing lightweight stream ciphers.

show abstract

The Grain Family of Stream Ciphers

Cited by 180 publications

References 9 publications

A Scalable Method for Constructing Galois NLFSRs With Period $2^n-1$ Using Cross-Join Pairs

A Scalable Method for Constructing Galois NLFSRs With Period $2^n-1$ Using Cross-Join Pairs

An Equivalence-Preserving Transformation of Shift Registers

On Lightweight Stream Ciphers with Shorter Internal States

Contact Info

Product

Resources

About