Advertisement

Cryptanalysis of Grain

  • Côme Berbain
  • Henri Gilbert
  • Alexander Maximov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4047)

Abstract

Grain [11] is a lightweight stream cipher proposed by M. Hell, T. Johansson, and W. Meier to the eSTREAM call for stream cipher proposals of the European project ECRYPT [5]. Its 160-bit internal state is divided into a LFSR and an NFSR of length 80 bits each. A filtering boolean function is used to derive each keystream bit from the internal state. By combining linear approximations of the feedback function of the NFSR and of the filtering function, it is possible to derive linear approximation equations involving the keystream and the LFSR initial state. We present a key recovery attack against Grain which requires 243 computations and 238 keystream bits to determine the 80-bit key.

Keywords

Stream cipher Correlation attack Walsh transform 

References

  1. 1.
    Briceno, M., Goldberg, I., Wagner, D.: A pedagogical implementation of A5/1. (1999), Available at, http://jya.com/a51-pi.htm (accessed August 18, 2003)
  2. 2.
    Canteaut, A., Trabbia, M.: Improved fast correlation attacks using parity-check equations of weight 4 and 5. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 573–588. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Chepyzhov, V., Smeets, B.: On a fast correlation attack on certain stream ciphers. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 176–185. Springer, Heidelberg (1991)Google Scholar
  4. 4.
    Dodd, M.W.: Applications of the Discrete Fourier Transform in Information Theory and Cryptology. PhD thesis, University of London (2003)Google Scholar
  5. 5.
    ECRYPT. eSTREAM: ECRYPT Stream Cipher Project, IST-2002-507932. (2005), Available at, http://www.ecrypt.eu.org/stream/ (accessed September 29, 2005)
  6. 6.
    Ekdahl, P., Johansson, T.: Another attack on A5/1. In: Proceedings of International Symposium on Information Theory, p. 160. IEEE, Los Alamitos (2001)Google Scholar
  7. 7.
    Ekdahl, P., Johansson, T.: Another attack on A5/1. IEEE Transactions on Information Theory 49(1), 284–289 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Englund, H., Johansson, T.: A new simple technique to attack filter generators and related ciphers. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004, vol. 3357, pp. 39–53. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Gilbert, H., Audoux, P.: Improved fast correlation attacks on stream ciphers using FFT techniques. Personnal communication (2000)Google Scholar
  10. 10.
    Golić, J.D.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997)Google Scholar
  11. 11.
    Hell, M., Johansson, T., Meier, W.: Grain - A Stream Cipher for Constrained Environments. ECRYPT Stream Cipher Project Report 2005/001 (2005), http://www.ecrypt.eu.org/stream
  12. 12.
    Hell, M., Johansson, T., Meier, W.: Grain - A Stream Cipher for Constrained Environments (2005), http://www.it.lth.se/grain
  13. 13.
    Johansson, T., Jönsson, F.: Fast correlation attacks based on turbo code techniques. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 181–197. Springer, Heidelberg (1999)Google Scholar
  14. 14.
    Johansson, T., Jönsson, F.: Improved fast correlation attacks on stream ciphers via convolutional codes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 347–362. Springer, Heidelberg (1999)Google Scholar
  15. 15.
    F. Jönsson. Some Results on Fast Correlation Attacks. PhD thesis, Lund University, Department of Information Technology, P.O. Box 118, SE–221 00, Lund, Sweden (2002)Google Scholar
  16. 16.
    Joux, A., Chose, P., Mitton, M.: Fast Correlation Attacks: An Algorithmic Point of View. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 209–221. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    Kaliski Jr, B.S., Robshaw, M.J.B.: Linear Cryptanalysis Using Multiple Approximations. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 26–39. Springer, Heidelberg (1994)Google Scholar
  18. 18.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)Google Scholar
  19. 19.
    Maximov, A.: Cryptanalysis of the “Grain” family of stream ciphers. ACM Transactions on Information and System Security, TISSEC (2006)Google Scholar
  20. 20.
    Meier, W., Staffelbach, O.: Fast correlation attacks on stream ciphers. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 301–316. Springer, Heidelberg (1988)Google Scholar
  21. 21.
    Meier, W., Staffelbach, O.: Fast correlation attacks on certain stream ciphers. Journal of Cryptology 1(3), 159–176 (1989)zbMATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    Meier, W., Staffelbach, O.: The self-shrinking generator. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 205–214. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  23. 23.
    Mihaljevic, M., Golić, J.D.: A fast iterative algorithm for a shift register initial state reconstruction given the noisy output sequence. In: Seberry, J., Pieprzyk, J.P. (eds.) AUSCRYPT 1990. LNCS, vol. 453, pp. 165–175. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  24. 24.
    NESSIE. New European Schemes for Signatures, Integrity, and Encryption (1999). Available at, http://www.cryptonessie.org (accessed August 18, 2003)
  25. 25.
    Penzhorn, W.T., Kühn, G.J.: Computation of low-weight parity checks for correlation attacks on stream ciphers. In: Boyd, C. (ed.) Cryptography and Coding 1995. LNCS, vol. 1025, pp. 74–83. Springer, Heidelberg (1995)Google Scholar
  26. 26.
    Hassanzadeh, M., Khazaei, S., Kiaei, M.: Distinguishing Attack on Grain. ECRYPT Stream Cipher Project Report 2005/001 (2005), http://www.ecrypt.eu.org/stream
  27. 27.
    Siegenthaler, T.: Correlation-immunity of non-linear combining functions for cryptographic applications. IEEE Transactions on Information Theory 30, 776–780 (1984)zbMATHCrossRefMathSciNetGoogle Scholar
  28. 28.
    Siegenthaler, T.: Decrypting a class of stream ciphers using ciphertext only. IEEE Transactions on Computers 34, 81–85 (1985)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Côme Berbain
    • 1
  • Henri Gilbert
    • 1
  • Alexander Maximov
    • 2
  1. 1.France Telecom Research and DevelopmentIssy-les-MoulineauxFrance
  2. 2.Dept. of Information TechnologyLund University, SwedenLundSweden

Personalised recommendations