Advertisement

An Observation of Non-randomness in the Grain Family of Stream Ciphers with Reduced Initialization Round

  • Deepak Kumar Dalai
  • Dibyendu Roy
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11348)

Abstract

The key scheduling algorithm (KSA) of the Grain family of stream ciphers expands the uniformly chosen key (K) and initialization vector (IV) to a larger uniform looking state. The existence of non-randomness in KSA results a non-randomness in final keystream. In this paper, we observe a non-randomness in the KSA of Grain-v1 and Grain-128a stream ciphers of reduced round R. However, we could not exploit the non-randomness into an attack. It can be claimed that if the KSA generates pseudorandom state, then the probability of generating a valid state T (i.e., in the range set of KSA function) of Grain-v1, Grain-128a must be \(2^{-\delta }\), where \(\delta \) is the length of padding bits. In case of Grain-v1 and Grain-128a, \(\delta =16, 32\) respectively. We show that a new valid state can be constructed by flipping 3 and 19 bits of a given state in Grain-v1 and Grain-128a respectively with a probability higher than \(2^{-\delta }\). We show that the non-randomness happens for \(R \le 129\) and \(R\le 208\) rounds of KSA of Grain-v1 and Grain-128a respectively. Further, in the case of Grain-v1, we also found non-randomness in some key, IV bits from the experiment.

Keywords

Stream cipher Cryptanalysis Grain-v1 Grain-128a KSA Non-randomness 

References

  1. 1.
    eSTREAM: Stream cipher project for Ecrypt (2005)Google Scholar
  2. 2.
    Ågren, M., Hell, M., Johansson, T., Meier, W.: A new version of Grain-128 with authentication. In: Symmetric Key Encryption Workshop (2011)Google Scholar
  3. 3.
    Aumasson, J.P., Dinur, I., Henzen, L., Meier, W., Shamir, A.: Efficient FPGA implementations of high-dimensional cube testers on the stream cipher Grain-128. SHARCS 2009 Special-Purpose Hardware for Attacking Cryptographic Systems, p. 147 (2009)Google Scholar
  4. 4.
    Banik, S.: Some insights into differential cryptanalysis of Grain v1. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 34–49. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-08344-5_3CrossRefGoogle Scholar
  5. 5.
    Banik, S.: Conditional differential cryptanalysis of 105 round Grain v1. Crypt. Commun. 8(1), 113–137 (2016)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Banik, S., Maitra, S., Sarkar, S.: A differential fault attack on the grain family of stream ciphers. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 122–139. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-33027-8_8CrossRefGoogle Scholar
  7. 7.
    Banik, S., Maitra, S., Sarkar, S.: A differential fault attack on the grain family under reasonable assumptions. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 191–208. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-34931-7_12CrossRefGoogle Scholar
  8. 8.
    Dinur, I., Shamir, A.: Breaking Grain-128 with dynamic cube attacks. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 167–187. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-21702-9_10CrossRefGoogle Scholar
  9. 9.
    Fischer, S., Khazaei, S., Meier, W.: Chosen IV statistical analysis for key recovery attacks on stream ciphers. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 236–245. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-68164-9_16CrossRefGoogle Scholar
  10. 10.
    Hell, M., Johansson, T., Maximov, A., Meier, W.: A stream cipher proposal: Grain-128. In: IEEE International Symposium on Information Theory (ISIT 2006). Citeseer (2006)Google Scholar
  11. 11.
    Hell, M., Johansson, T., Meier, W.: Grain: a stream cipher for constrained environments. Int. J. Wirel. Mob. Comput. 2(1), 86–93 (2007)CrossRefGoogle Scholar
  12. 12.
    Knellwolf, S., Meier, W., Naya-Plasencia, M.: Conditional differential cryptanalysis of NLFSR-based cryptosystems. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 130–145. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-17373-8_8CrossRefGoogle Scholar
  13. 13.
    Lehmann, M., Meier, W.: Conditional differential cryptanalysis of Grain-128a. In: Pieprzyk, J., Sadeghi, A.-R., Manulis, M. (eds.) CANS 2012. LNCS, vol. 7712, pp. 1–11. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-35404-5_1CrossRefGoogle Scholar
  14. 14.
    Ma, Z., Tian, T., Qi, W.F.: Improved conditional differential attacks on Grain v1. IET Inf. Secur. 11(1), 46–53 (2016)CrossRefGoogle Scholar
  15. 15.
    Sarkar, S.: A new distinguisher on Grain v1 for 106 rounds. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2015. LNCS, vol. 9478, pp. 334–344. Springer, Cham (2015).  https://doi.org/10.1007/978-3-319-26961-0_20CrossRefGoogle Scholar
  16. 16.
    Watanabe, Y., Todo, Y., Morii, M.: New conditional differential cryptanalysis for NLFSR-based stream ciphers and application to Grain v1. In: 2016 11th Asia Joint Conference on Information Security (AsiaJCIS), pp. 115–123. IEEE (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.School of Mathematical ScienceNational Institute of Science Education and Research (HBNI)BhubaneswarIndia

Personalised recommendations