Advanced conditional differential attack on Grain-like stream cipher and application on Grain v1

Advanced conditional differential attack on Grain-like stream cipher and application on Grain v1

For access to this article, please select a purchase option:

Buy eFirst article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Conditional differential attacks against non-linear feedback shift register based cryptosystems were proposed by Knellwolf et al. at Asiacrypt 2010. In this study, the authors propose an advanced conditional differential attack on Grain-like stream cipher. They trace propagations of a single bit difference of internal states both inversely and forward. Methods of both searching for the longest inverse difference characteristic with probability one and deriving initial value (IV) conditions with the max inverse round are introduced. When tracing forward, conditions are imposed to limit the propagation of difference to obtain a high bias. Conditions of the proposed method are only imposed on IV bits and the proposed attack works in the single-key setting. Moreover, a method of recovering key expressions as well as bias-complexity-success probability target is presented in this study. Using the proposed method, the authors conduct a key recovery attack on 114-round Grain v1, recovering 6 key expressions with the time complexity of 232, which is also verified by experiments. With more conditions imposed, this attack can be improved to Grain v1 of 120 rounds, recovering 12 key expressions with the time complexity of 242.75 and theoretical success probability of about 93%, which is ten rounds longer than the longest previous result of Grain v1 in the single-key setting.

Related content

This is a required field
Please enter a valid email address