Not So Greedy: Enhanced Subset Exploration for Nonrandomness Detectors

  • Linus Karlsson
  • Martin Hell
  • Paul Stankovski
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 867)


Distinguishers and nonrandomness detectors are used to distinguish ciphertext from random data. In this paper, we focus on the construction of such devices using the maximum degree monomial test. This requires the selection of certain subsets of key and IV-bits of the cipher, and since this selection to a great extent affects the final outcome, it is important to make a good selection. We present a new, generic and tunable algorithm to find such subsets. Our algorithm works on any stream cipher, and can easily be tuned to the desired computational complexity. We test our algorithm with both different input parameters and different ciphers, namely Grain-128a, Kreyvium and Grain-128. Compared to a previous greedy approach, our algorithm consistently provides better results.


Maximum degree monomial Distinguisher Nonrandomness detector Grain-128a Grain-128 Kreyvium 



This paper is an extended and revised version of the paper “Improved Greedy Nonrandomness Detectors for Stream Ciphers” previously presented at ICISSP 2017 [3].

The computations were performed on resources provided by the Swedish National Infrastructure for Computing (SNIC) at Lunarc.


  1. 1.
    Englund, H., Johansson, T., Sönmez Turan, M.: A framework for chosen IV statistical analysis of stream ciphers. In: Srinathan, K., Rangan, C.P., Yung, M. (eds.) INDOCRYPT 2007. LNCS, vol. 4859, pp. 268–281. Springer, Heidelberg (2007). Scholar
  2. 2.
    Stankovski, P.: Greedy distinguishers and nonrandomness detectors. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 210–226. Springer, Heidelberg (2010). Scholar
  3. 3.
    Karlsson, L., Hell, M., Stankovski, P.: Improved greedy nonrandomness detectors for stream ciphers. In: Proceedings of the 3rd International Conference on Information Systems Security and Privacy, pp. 225–232. SciTePress (2017)Google Scholar
  4. 4.
    Hell, M., Johansson, T., Meier, W.: Grain - a stream cipher for constrained environments. Int. J. Wirel. Mob. Comput. 2, 86–93 (2006). Special Issue on Security of Computer Network and Mobile SystemsCrossRefGoogle Scholar
  5. 5.
    Hell, M., Johansson, T., Maximov, A., Meier, W.: A stream cipher proposal: Grain-128. In: 2006 IEEE International Symposium on Information Theory, pp. 1614–1618 (2006)Google Scholar
  6. 6.
    Ågren, M., Hell, M., Johansson, T., Meier, W.: Grain-128a: a new version of Grain-128 with optional authentication. Int. J. Wirel. Mob. Comput. 5, 48–59 (2011)CrossRefGoogle Scholar
  7. 7.
    Canteaut, A., Carpov, S., Fontaine, C., Lepoint, T., Naya-Plasencia, M., Paillier, P., Sirdey, R.: Stream ciphers: a practical solution for efficient homomorphic-ciphertext compression. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 313–333. Springer, Heidelberg (2016). Scholar
  8. 8.
    Cannière, C.: Trivium: a stream cipher construction inspired by block cipher design principles. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 171–186. Springer, Heidelberg (2006). Scholar
  9. 9.
    Saarinen, M.J.O.: Chosen-IV statistical attacks on eSTREAM stream ciphers (2006).
  10. 10.
    Liu, M., Lin, D., Wang, W.: Searching cubes for testing Boolean functions and its application to Trivium. In: 2015 IEEE International Symposium on Information Theory (ISIT), pp. 496–500 (2015)Google Scholar
  11. 11.
    Sarkar, S., Maitra, S., Baksi, A.: Observing biases in the state: case studies with Trivium and Trivia-SC. Des. Codes Crypt. 82, 351–375 (2016)MathSciNetCrossRefGoogle Scholar
  12. 12.
    Chakraborti, A., Chattopadhyay, A., Hassan, M., Nandi, M.: TriviA: a fast and secure authenticated encryption scheme. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 330–353. Springer, Heidelberg (2015). Scholar
  13. 13.
    Vielhaber, M.: Breaking ONE.FIVIUM by AIDA an algebraic IV differential attack. Cryptology ePrint Archive, Report 2007/413 (2007).
  14. 14.
    Dinur, I., Shamir, A.: Cube attacks on tweakable black box polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278–299. Springer, Heidelberg (2009). Scholar
  15. 15.
    Dinur, I., Shamir, A.: Breaking Grain-128 with dynamic cube attacks. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 167–187. Springer, Heidelberg (2011). Scholar
  16. 16.
    Banik, S., Maitra, S., Sarkar, S., Meltem Sönmez, T.: A chosen IV related key attack on Grain-128a. In: Boyd, C., Simpson, L. (eds.) ACISP 2013. LNCS, vol. 7959, pp. 13–26. Springer, Heidelberg (2013). Scholar
  17. 17.
    Sarkar, S., Banik, S., Maitra, S.: Differential fault attack against Grain family with very few faults and minimal assumptions. IEEE Trans. Comput. 64, 1647–1657 (2015)MathSciNetCrossRefGoogle Scholar
  18. 18.
    Watanabe, Y., Isobe, T., Morii, M.: Conditional differential cryptanalysis for Kreyvium. In: Pieprzyk, J., Suriadi, S. (eds.) ACISP 2017. LNCS, vol. 10342, pp. 421–434. Springer, Cham (2017). Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of Electrical and Information TechnologyLund UniversityLundSweden

Personalised recommendations