© The Institution of Engineering and Technology
The well-known stream cipher Grain-128a is the new version of Grain-128. While Grain-128 is vulnerable to several published attacks, Grain-128a is claimed to be secure against all known attacks and observations on Grain-128. So far the only published single-key attack on Grain-128a is the conditional differential cryptanalysis proposed by Michael Lehmann et al. at CANS 2012, in which a distinguishing attack on 189-round Grain-128a in a weak-key setting was presented. In this study, the authors present two new conditional differential attacks on Grain-128a, namely attack A and attack B. In attack A, the authors retrieve 18 secret key expressions for 169-round Grain-128a; to the best of their knowledge, attack A is the first attack to retrieve secret key expressions for reduced-round Grain-128a. In attack B, the authors extend the distinguishing attack on Grain-128a to 195 rounds in a weak-key setting. In terms of the number of rounds attacked, attack B is thus far the best known attack on reduced-round Grain-128a. The authors hope that their reflections on the design of Grain-128a provide insights into such compact stream ciphers.
References
1. Knellwolf, S., Meier, W., Naya-Plasencia, M.: ‘Conditional differential cryptanalysis of NLFSR-based cryptosystems’. Proc. 16th Conf. Theory and Application of Cryptology and Information Security (ASIACRYPT 2010), Singapore, 2010, pp. 130–145.
2. Wang, X., Yu, H.: ‘How to break MD5 and other hash functions’. Proc. 24th Conf. Theory and Application of Cryptographic Techniques (EUROCRYPT 2005), Aarhus, Denmark, 2005, pp. 19–35.
3. Knellwolf, S.: ‘Cryptanalysis of hardware-oriented ciphers, The Knapsack Generator, and SHA-1’. PhD thesis, ETH Zurich University, 2012.
4. Banik, S.: ‘Some insights into differential cryptanalysis of Grain v1’. Proc. Information Security and Privacy – 19th Australasian Conf. (ACISP 2014), Wollongong, NSW, Australia, 2014, pp. 34–49.
5. Lehmann, M., Meier, W.: ‘Conditional differential cryptanalysis of Grain-128a’. Proc. 11th Int. Conf. Cryptology and Network Security (CANS 2012), Darmstadt, Germany, 2012, pp. 1–11.
6. Knellwolf, S., Meier, W., Naya-Plasencia, M.: ‘Conditional differential cryptanalysis of Trivium and KATAN’. Proc. 18th Int. Workshop on Selected Areas in Cryptography (SAC 2011), Toronto, Ontario, Canada, 2011, pp. 200–212.
7. Banik, S.: ‘Conditional differential cryptanalysis of 105 round Grain v1’ (Springer, Heidelberg, 2015).
8. Sarkar, S.: ‘A new distinguisher on Grain v1 for 106 rounds’. Proc. 11th Int. Conf. Information System Security, Kolkata, India, 2015, pp. 334–344.
9. Hell, M., Johansson, T., Maximov, A., et al: ‘A stream cipher proposal: Grain-128’. Proc. 2nd Conf. Information Theory, Washington, DC, USA, 2006, pp. 1614–1618.
10. Hell, M., Johansson, T., Meier, W.: ‘Grain: a stream cipher for constrained environments’. New Stream Cipher Designs, (4986), 2008, pp. 179–190.
11. Aumasson, J.P., Dinur, I., Henzen, L., et al: ‘Efficient FPGA implementations of high-dimensional cube testers on the stream cipher Grain-128’.
12. Stankovski, P.: ‘Greedy distinguishers and nonrandomness detectors’. Proc. 11th Int. Conf. Cryptology in India (INDOCRYPT 2010), Hyderabad, India, 2010, pp. 210–226.
13. Miodrag, J.M., Sugata, G., Goutam, P., et al: ‘Generic cryptographic weakness of K-normal Boolean functions in certain stream ciphers and cryptanalysis of Grain-128’, Periodica Mathematica Hungarica, 2012, 65, (2), pp. 205–227.
14. Dinur, I., Güneysu, T., Paar, C., et al: ‘An experimentally verified attack on full Grain-128 using dedicated reconfigurable hardware’. Proc. 17th Conf. Theory and Application of Cryptology and Information Security (ASIACRYPT 2011), Seoul, South Korea, 2011, pp. 327–343.
15. Ågren, M., Hell, M., Johansson, T., et al: ‘Grain-128a: a new version of Grain-128 with optional authentication’, Int. J. Wireless Mob. Comput., 2011, 5, (1), pp. 48–59.
16. Banik, S., Maitra, S., Sarkar, S.: ‘A differential fault attack on Grain-128a using MACs’. Proc. Security, Privacy, and Applied Cryptography Engineering, (7644), 2012, pp. 111–125.
17. Banik, S., Maitra, S., Sarkar, S.: ‘A differential fault attack on the Grain family under reasonable assumptions’. Proc. 13th Int. Conf. Cryptology in India, Kolkata, India, 2012, pp. 191–208.
18. Banik, S., Maitra, S., Sarkar, S.: ‘Differential fault attack against Grain family with very few faults and minimal assumptions’, IEEE Trans. Comput., 2014, 64, (6), pp. 1647–1657.
19. Ding, L., Guan, J.: ‘Related key chosen IV attack on Grain-128a stream cipher’, IEEE Trans. Inf. Forensics Sec., 2013, 8, (5), pp. 803–809.
20. Banik, S., Maitra, S., Sarkar, S., et al: ‘A chosen IV related key attack on Grain-128a’. Proc. Information Security and Privacy – 18th Australasian Conf. (ACISP 2013), Brisbane, Australia, 2013, pp. 13–26.
21. Robert, V.H., Elliot, A.T.: ‘Probability and statistical inference’ (Macmillan Publishing Co., Inc., 1977).
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2016.0060