
Conditional differential attacks on Grain-128a stream cipher

The well-known stream cipher Grain-128a is the new version of Grain-128. While Grain-128 is vulnerable to several published attacks, Grain-128a is claimed to be secure against all known attacks and observations on Grain-128. So far, the only published single-key attack on Grain-128a is the conditional differential cryptanalysis proposed by Michael Lehmann et al. at CANS 2012. In their analysis, a distinguishing attack on 189-round Grain-128a in a weak-key setting was proposed. In this study, the authors present two new conditional differential attacks on Grain-128a, namely attack A and attack B. In attack A, the authors successfully retrieve 18 secret key expressions for 169-round Grain-128a. To the best of the authors' knowledge, attack A is the first attack to retrieve secret key expressions for reduced Grain-128a. In attack B, the authors extend the distinguishing attack against Grain-128a up to 195 rounds in a weak-key setting. Thus far, attack B is the best known attack on reduced Grain-128a as far as the number of rounds attacked is concerned. The authors hope that their reflections on the design of Grain-128a provide insights into such compact stream ciphers.

References

    1. Knellwolf, S., Meier, W., Naya-Plasencia, M.: ‘Conditional differential cryptanalysis of NLFSR-based cryptosystems’. Proc. 16th Conf. Theory and Application of Cryptology and Inform. Security (ASIACRYPT 2010), Singapore, 2010, pp. 130–145.
    2. Wang, X., Yu, H.: ‘How to break MD5 and other hash functions’. Proc. 24th Conf. Theory and Application of Cryptographic Techniques (EUROCRYPT 2005), Aarhus, Denmark, 2005, pp. 19–35.
    3. Knellwolf, S.: ‘Cryptanalysis of hardware-oriented ciphers, The Knapsack Generator, and SHA-1’. PhD thesis, ETH Zurich University, 2012.
    4. Banik, S.: ‘Some insights into differential cryptanalysis of Grain v1’. Proc. Information Security and Privacy – 19th Australasian Conf. (ACISP 2014), Wollongong, NSW, Australia, 2014, pp. 34–49.
    5. Lehmann, M., Meier, W.: ‘Conditional differential cryptanalysis of Grain-128a’. Proc. 11th Int. Conf. Cryptology and Network Security (CANS 2012), Darmstadt, Germany, 2012, pp. 1–11.
    6. Knellwolf, S., Meier, W., Naya-Plasencia, M.: ‘Conditional differential cryptanalysis of Trivium and KATAN’. Proc. 18th Int. Workshop on Selected Areas in Cryptography (SAC 2011), Toronto, Ontario, Canada, 2011, pp. 200–212.
    7. Banik, S.: ‘Conditional differential cryptanalysis of 105 round Grain v1’. Cryptography Communication DOI: 10.1007/s12095-015-0146-5 (Springer, Heidelberg, 2015).
    8. Sarkar, S.: ‘A new distinguisher on Grain v1 for 106 rounds’. Proc. 11th Int. Conf. Information System Security, Kolkata, India, 2015, pp. 334–344.
    9. Hell, M., Johansson, T., Maximov, A., et al.: ‘A stream cipher proposal: Grain-128’. Proc. 2nd Conf. Information Theory, Washington, DC, USA, 2006, pp. 1614–1618.
    10. Hell, M., Johansson, T., Meier, W.: ‘Grain: a stream cipher for constrained environments’. New Stream Cipher Designs, (LNCS 4986), 2008, pp. 179–190.
    11. Aumasson, J.P., Dinur, I., Henzen, L., et al.: ‘Efficient FPGA implementations of high-dimensional cube testers on the stream cipher Grain-128’. Available at http://eprint.iacr.org/2009/218.pdf, accessed 26 January 2016.
    12. Stankovski, P.: ‘Greedy distinguishers and nonrandomness detectors’. Proc. 11th Int. Conf. Cryptology in India (INDOCRYPT 2010), Hyderabad, India, 2010, pp. 210–226.
    13. Miodrag, J.M., Sugata, G., Goutam, P., et al.: ‘Generic cryptographic weakness of K-normal Boolean functions in certain stream ciphers and cryptanalysis of Grain-128’, Periodica Mathematica Hungarica, 2012, 65, (2), pp. 205–227.
    14. Dinur, I., Güneysu, T., Paar, C., et al.: ‘An experimentally verified attack on full Grain-128 using dedicated reconfigurable hardware’. Proc. 17th Conf. Theory and Application of Cryptology and Information Security (ASIACRYPT 2011), Seoul, South Korea, 2011, pp. 327–343.
    15. Ågren, M., Hell, M., Johansson, T., et al.: ‘Grain-128a: a new version of Grain-128 with optional authentication’, Int. J. Wireless Mob. Comput., 2011, 5, (1), pp. 48–59.
    16. Banik, S., Maitra, S., Sarkar, S.: ‘A Differential Fault Attack on Grain-128a Using MACs’. Proc. Security, Privacy, and Applied Cryptography Engineering, (LNCS 7644), 2012, pp. 111–125.
    17. Banik, S., Maitra, S., Sarkar, S.: ‘A differential fault attack on the grain family under reasonable assumptions’. Proc. 13th Int. Conf. Cryptology in India, Kolkata, India, 2012, pp. 191–208.
    18. Banik, S., Maitra, S., Sarkar, S.: ‘Differential fault attack against grain family with very few faults and minimal assumptions’, IEEE Trans. Comput., 2014, 64, (6), pp. 1647–1657.
    19. Ding, L., Guan, J.: ‘Related key chosen IV attack on Grain-128a stream cipher’, IEEE Trans. Inf. Forensics Sec., 2013, 8, (5), pp. 803–809.
    20. Banik, S., Maitra, S., Sarkar, S., et al.: ‘A chosen IV related key attack on Grain-128a’. Proc. Information Security and Privacy – 18th Australasian Conf. (ACISP 2013), Brisbane, Australia, 2013, pp. 13–26.
    21. Robert, V.H., Elliot, A.T.: ‘Probability and statistical inference’ (Macmillan Publishing Co., Inc., 1977).