Fast Near Collision Attack on the Grain v1 Stream Cipher

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10821)

Abstract

Modern stream ciphers often adopt a large internal state to resist various attacks, where the cryptanalysts have to deal with a large number of variables when mounting state recovery attacks. In this paper, we propose a general new cryptanalytic method on stream ciphers, called fast near collision attack, to address this situation. It combines a near collision property with the divide-and-conquer strategy so that only subsets of the internal state, associated with different keystream vectors, are recovered first and merged carefully later to retrieve the full large internal state. A self-contained method is introduced and improved to derive the target subset of the internal state from the partial state difference efficiently. As an application, we propose a new key recovery attack on Grain v1, one of the 7 finalists selected by the eSTREAM project, in the single-key setting. Both the pre-computation and the online phases are tailored according to its internal structure, to provide an attack for any fixed IV in \(2^{75.7}\) cipher ticks after the pre-computation of \(2^{8.1}\) cipher ticks, given \(2^{28}\)-bit memory and about \(2^{19}\) keystream bits. Practical experiments on Grain v1 itself whenever possible and on a 80-bit reduced version confirmed our results.
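The abstract hinges on a near collision property: two internal states at small Hamming distance yield identical keystream prefixes far more often than two unrelated states would, which is what lets the attack work on subsets of the state. The block below is an added example, not code from the paper or its authors. It implements the Grain v1 keystream generator (80-bit NFSR, 80-bit LFSR, 160 initialization clocks) with tap positions transcribed from the published Grain v1 design document; those constants have not been checked against official test vectors here and should be treated as an assumption. It then runs a constructed experiment, `near_collision_rate` (a hypothetical helper name), which flips `distance` random bits of a random 160-bit state and measures how often the two states produce the same `prefix_len` keystream bits, for comparison with the `2**-prefix_len` rate of unrelated states.

```python
"""Grain v1 keystream generator plus an empirical near collision probe (added example)."""
import random

# Linear taps of the output function (set A in the Grain v1 specification).
OUTPUT_TAPS = (1, 2, 4, 10, 31, 43, 56)


def h(x0, x1, x2, x3, x4):
    """Nonlinear filter h(x) of Grain v1: inputs s[i+3], s[i+25], s[i+46], s[i+64], b[i+63]."""
    return (x1 ^ x4 ^ (x0 & x3) ^ (x2 & x3) ^ (x3 & x4)
            ^ (x0 & x1 & x2) ^ (x0 & x2 & x3) ^ (x0 & x2 & x4)
            ^ (x1 & x2 & x4) ^ (x2 & x3 & x4))


class GrainV1:
    """Bit-level Grain v1; b is the NFSR, s is the LFSR, index 0 is the oldest bit."""

    def __init__(self, nfsr_bits, lfsr_bits):
        assert len(nfsr_bits) == 80 and len(lfsr_bits) == 80
        self.b = list(nfsr_bits)
        self.s = list(lfsr_bits)

    def _output(self):
        b, s = self.b, self.s
        z = 0
        for k in OUTPUT_TAPS:
            z ^= b[k]
        return z ^ h(s[3], s[25], s[46], s[64], b[63])

    def _lfsr_feedback(self):
        s = self.s
        return s[62] ^ s[51] ^ s[38] ^ s[23] ^ s[13] ^ s[0]

    def _nfsr_feedback(self):
        b = self.b
        return (self.s[0] ^ b[62] ^ b[60] ^ b[52] ^ b[45] ^ b[37] ^ b[33]
                ^ b[28] ^ b[21] ^ b[14] ^ b[9] ^ b[0]
                ^ (b[63] & b[60]) ^ (b[37] & b[33]) ^ (b[15] & b[9])
                ^ (b[60] & b[52] & b[45]) ^ (b[33] & b[28] & b[21])
                ^ (b[63] & b[45] & b[28] & b[9]) ^ (b[60] & b[52] & b[37] & b[33])
                ^ (b[63] & b[60] & b[21] & b[15])
                ^ (b[63] & b[60] & b[52] & b[45] & b[37])
                ^ (b[33] & b[28] & b[21] & b[15] & b[9])
                ^ (b[52] & b[45] & b[37] & b[33] & b[28] & b[21]))

    def clock(self, feed_output=False):
        """Advance one tick; during initialization the output bit is fed back into both registers."""
        z = self._output()
        fs = self._lfsr_feedback()
        fb = self._nfsr_feedback()
        if feed_output:
            fs ^= z
            fb ^= z
        self.s = self.s[1:] + [fs]
        self.b = self.b[1:] + [fb]
        return z

    @classmethod
    def from_key_iv(cls, key_bits, iv_bits):
        """Load 80 key bits into the NFSR, 64 IV bits plus 16 ones into the LFSR, clock 160 times."""
        assert len(key_bits) == 80 and len(iv_bits) == 64
        cipher = cls(list(key_bits), list(iv_bits) + [1] * 16)
        for _ in range(160):
            cipher.clock(feed_output=True)
        return cipher

    def keystream(self, n):
        return [self.clock() for _ in range(n)]


def near_collision_rate(distance, prefix_len, trials, seed=0):
    """Fraction of random state pairs at Hamming distance `distance` (over the full
    160-bit state) whose first `prefix_len` keystream bits coincide. Constructed
    experiment with a seeded RNG so runs are reproducible."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        state = [rng.randrange(2) for _ in range(160)]
        other = list(state)
        for pos in rng.sample(range(160), distance):
            other[pos] ^= 1
        z1 = GrainV1(state[:80], state[80:]).keystream(prefix_len)
        z2 = GrainV1(other[:80], other[80:]).keystream(prefix_len)
        hits += int(z1 == z2)
    return hits / trials


if __name__ == "__main__":
    for d in (1, 2, 4):
        rate = near_collision_rate(d, prefix_len=4, trials=1000)
        print(f"distance {d}: prefix match rate {rate:.3f} vs {2 ** -4:.3f} for unrelated states")
```

For a 1-bit difference and a 4-bit prefix, only a difference placed on a tap used within those four ticks can change the output, so most pairs collide; that gap between the observed rate and `2**-prefix_len` is the statistical lever the paper's divide-and-conquer recovery builds on, and any self-synchronizing design review of a Grain-like cipher should measure it the same way.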

Keywords

Cryptanalysis, Stream ciphers, Grain, Near collision

Notes

Acknowledgements

We would like to thank the anonymous reviewers for very helpful comments. This work is supported by the National Key R&D Research Program (Grant No. 2017YFB0802504), the program of the National Natural Science Foundation of China (Grant No. 61572482), the National Cryptography Development Fund (Grant No. MMJJ20170107) and the National Grand Fundamental Research 973 Programs of China (Grant No. 2013CB338002).


Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. TCA Laboratory, SKLCS, Institute of Software, Chinese Academy of Sciences, Beijing, China
  2. State Key Laboratory of Cryptology, Beijing, China
  3. University of Chinese Academy of Sciences, Beijing, China
  4. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
  5. FHNW, Windisch, Switzerland
