Related-Key Chosen IV Attacks on Grain-v1 and Grain-128
The slide resynchronization attack on Grain was proposed in . This attack finds related keys and initialization vectors of Grain that generate the 1-bit shifted keystream sequence. In this paper, we extend the attack proposed in  and propose related-key chosen IV attacks on Grain-v1 and Grain-128. The attack on Grain-v1 recovers the secret key with 222.59 chosen IVs, 226.29-bit keystream sequences and 222.90 computational complexity. To recover the secret key of Grain-128, our attack requires 226.59 chosen IVs, 231.39-bit keystream sequences and 227.01 computational complexity. These works are the first known key recovery attacks on Grain-v1 and Grain-128.
KeywordsStream cipher Grain-v1 Grain-128 Related-key chosen IV attack Cryptanalysis
Unable to display preview. Download preview PDF.
- 2.Hell, M., Johansson, T., Meier, W.: Grain - A Stream Cipher for Constrained Environments, eSTREAM - ECRYPT Stream Cipher Project, Report 2005/010 (2005), http://www.ecrypt.eu.org/stream/ciphers/grain/grain.pdf
- 3.Hell, M., Johansson, T., Meier, W.: Grain - A Stream Cipher for Constrained Environments, eSTREAM - ECRYPT Stream Cipher Project (2007), http://www.ecrypt.eu.org/stream/p3ciphers/grain/Grain_p3.pdf
- 4.Hell, M., Johansson, T., Meier, W.: A Stream Cipher Proposal: Grain-128, eSTREAM - ECRYPT Stream Cipher Project (2007), http://www.ecrypt.eu.org/stream/p3ciphers/grain/Grain128_p3.pdf
- 5.Khazaei, S., Hassanzadeh, M., Kiaei, M.: Distinguishing Attack on Grain, eSTREAM - ECRYPT Stream Cipher Project, Report 2005/071 (2005) http://www.ecrypt.eu.org/stream/papersdir/071.pdf
- 6.Kücük, O.: Slide Resynchronization Attack on the Initialization of Grain 1.0, eSTREAM - ECRYPT Stream Cipher Project, Report 2006/044 (2006), http://www.ecrypt.eu.org/stream/papersdir/2006/044.ps
- 7.Vielhaber, M.: Breaking ONE.FIVIUM by AIDA an Algebraic IV Differential Attack, Cryptology ePrint Archive: Report 2007/413 (2007), http://eprint.iacr.org/2007/413.pdf