Journal of Hardware and Systems Security

, Volume 3, Issue 1, pp 64–77 | Cite as

Certain Observations on ACORN v3 and Grain v1—Implications Towards TMDTO Attacks

  • Akhilesh Anilkumar SiddhantiEmail author
  • Subhamoy Maitra
  • Nishant Sinha


It is known that for a stream cipher with state size less than 2.5 times the key size, it is possible to mount a Time-Memory-Data Trade-Off attack with an online complexity lower than the exhaustive key search. The search space is restricted by considering a fixed keystream prefix and deducing certain state bits by formulating equations. We show how by using SAT solving techniques one can automate this process of solving equations and obtain better parameters. This is demonstrated by mounting TMDTO attacks on ACORN v3 and Grain v1. We show that a TMDTO attack can be mounted on ACORN v3 with a preprocessing complexity 2171 and 2180 (without and with the help of a SAT solver) and the maximum of online time, memory and data complexities 2122 and 2120 respectively. For Grain v1, we show that it is possible to obtain parameters as T = 268.06, M = 264, D = 268 with a preprocessing complexity of 296. While our results do not refute any claim of the designers, these observations might be useful for further understanding of the ciphers.


ACORN v3 CAESAR Cryptanalysis Grain v1 Stream cipher 



The authors like to thank Dr. Dibyendu Roy, School of Mathematical Science, NISER, India, for an excellent review on an initial version of this paper.


  1. 1.
    Biryukov A, Shamir A, Wagner D Real time cryptanalysis of A5/1 on a PC. FSE 2000, pp. 1–18, LNCS 1978, 2000. Available at:
  2. 2.
    Biryukov A, Shamir A Cryptanalytic time/memory/data tradeoffs for stream ciphers. Asiacrypt 2000, pp. 1–13, LNCS 1976, 2000. Available at:
  3. 3.
    Bjrstad TE Cryptanalysis of grain using time/memory/data tradeoffs. Estream Phase 3 (2013). Available at:
  4. 4.
    Competition CAESAR, Hosted at:
  5. 5.
    Hamann M, Krause M, Meier W LIZARD - A lightweight stream cipher for power-constrained devices. FSE 2017. Available at:
  6. 6.
    Hell M, Johansson T, Meier W (2007) Grain: a stream cipher for constrained environments. Int J Wirel Mob Comput 2(1):86–93. Available at: CrossRefGoogle Scholar
  7. 7.
    Jiao L, Zhang B, Wang M Two generic methods of analyzing stream ciphers. ISC 2015, Lecture Notes in Computer Science, pp. 379–396, 2015. Available at:
  8. 8.
    Maitra S, Sinha N, Siddhanti A, Anand R, Gangopadhyay S (2018) A TMDTO attack against lizard. IEEE Trans Comput 67(5):733–739. Available at: MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Mihaljević MJ, Gangopadhyay S, Paul G, Imai H (2012) Internal state recovery of Grain-v1 employing normality order of the filter function. IET Inf Secur 6(2):55–64. Available at: CrossRefGoogle Scholar
  10. 10.
    SAGE mathematics software. Free software foundation, Inc., 2009. Available at (Open source project initiated by W. Stein and contributed by many)
  11. 11.
    Sarkar S, Banik S, Maitra S (2015) Differential Fault Attack against Grain family with very few faults and minimal assumptions. IEEE Trans Comput 64(6):1647–1657. Available at: MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Siddhanti A A, Maitra S, Sinha N Certain Observations on ACORN v3 and the Implications to TMDTO Attacks. International Conference on Security, Privacy, and Applied Cryptography Engineering, pp. 264-280, LNCS 10662, Springer. Available at:
  13. 13.
    Wu H ACORN: A Lightweight Authenticated Cipher (v3). Available at:

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Department of Computer Science and MathematicsBITS Pilani, Goa CampusVasco-da-GamaIndia
  2. 2.Applied Statistics UnitIndian Statistical InstituteKolkataIndia
  3. 3.Department of Computer Science and EngineeringIndian Institute of Technology RoorkeeRoorkeeIndia

Personalised recommendations