An AEAD Variant of the Grain Stream Cipher
Authors: 
Martin Hell, Thomas Johansson, Willi Meier, Jonathan Sönnerup, Hirotaka YoshidaAuthors Info & Claims
Pages 55 - 71
Abstract
A new Grain stream cipher, denoted Grain-128AEAD is presented, with support for authenticated encryption with associated data. The cipher takes a 128-bit key and a 96-bit IV and produces a pseudo random sequence that is used for encryption and authentication of messages. The design is based on Grain-128a but introduces a few changes in order to increase the security and protect against recent cryptanalysis results. The MAC is 64 bits, as specified by the NIST requirements in their lightweight security standardization process.
References
[1]
Amin Ghafari V and Hu H Fruit-80: a secure ultra-lightweight stream cipher for constrained environments Entropy 2018 20 3 180
[2]
Armknecht F and Mikhalev V Leander G On lightweight stream ciphers with shorter internal states Fast Software Encryption 2015 Heidelberg Springer 451-470
[3]
Aumasson, J.P., Dinur, I., Henzen, L., Meier, W., Shamir, A.: Efficient FPGA implementations of high-dimensional cube testers on the stream cipher Grain-128. In: SHARCS 2009 Special-purpose Hardware for Attacking Cryptographic Systems, p. 147 (2009)
[4]
Babbage, S.: Improved “exhaustive search” attacks on stream ciphers. In: IET Conference Proceedings, pp. 161–166(5), January 1995
[5]
Banik S, Maitra S, and Sarkar S Bogdanov A and Sanadhya S A differential fault attack on Grain-128a using MACs Security, Privacy, and Applied Cryptography Engineering 2012 Heidelberg Springer 111-125
[6]
Banik S, Maitra S, and Sarkar S Prouff E and Schaumont P A differential fault attack on the grain family of stream ciphers Cryptographic Hardware and Embedded Systems – CHES 2012 2012 Heidelberg Springer 122-139
[7]
Banik S, Maitra S, and Sarkar S Galbraith S and Nandi M A differential fault attack on the grain family under reasonable assumptions Progress in Cryptology - INDOCRYPT 2012 2012 Heidelberg Springer 191-208
[8]
Banik S, Maitra S, Sarkar S, and Meltem Sönmez T Boyd C and Simpson L A chosen IV related key attack on Grain-128a Information Security and Privacy 2013 Heidelberg Springer 13-26
[9]
Banik S et al. Towards low energy stream ciphers IACR Trans. Symmetric Cryptol. 2018 2018 2 1-19
[10]
Berbain C, Gilbert H, and Maximov A Robshaw M Cryptanalysis of grain Fast Software Encryption 2006 Heidelberg Springer 15-29
[11]
Biryukov A and Shamir A Okamoto T Cryptanalytic time/memory/data tradeoffs for stream ciphers Advances in Cryptology — ASIACRYPT 2000 2000 Heidelberg Springer 1-13
[12]
Biryukov A, Shamir A, and Wagner D Goos G, Hartmanis J, van Leeuwen J, and Schneier B Real time cryptanalysis of A5/1 on a PC Fast Software Encryption 2001 Heidelberg Springer 1-18
[13]
Braeken A and Lano J Preneel B and Tavares S On the (Im)possibility of practical and secure nonlinear filters and combiners Selected Areas in Cryptography 2006 Heidelberg Springer 159-174
[14]
Cannière, C.D., Preneel, B.: Trivium. New Stream Cipher Designs - The eSTREAM Finalists, pp. 244–266 (2008)
[15]
Castagnos, G., et al.: Fault analysis of GRAIN-128. In: IEEE International Workshop on (HST) Hardware-Oriented Security and Trust, pp. 7–14 (2009)
[16]
Courtois N, Klimov A, Patarin J, and Shamir A Preneel B Efficient algorithms for solving overdefined systems of multivariate polynomial equations Advances in Cryptology — EUROCRYPT 2000 2000 Heidelberg Springer 392-407
[17]
Courtois NT Boneh D Fast algebraic attacks on stream ciphers with linear feedback Advances in Cryptology - CRYPTO 2003 2003 Heidelberg Springer 176-194
[18]
Ding L and Guan J Related key chosen IV attack on Grain-128a stream cipher IEEE Trans. Inf. Forensics Secur. 2013 8 5 803-809
[19]
Dinur I, Güneysu T, Paar C, Shamir A, and Zimmermann R Lee DH and Wang X An experimentally verified attack on full Grain-128 using dedicated reconfigurable hardware Advances in Cryptology – ASIACRYPT 2011 2011 Heidelberg Springer 327-343
[20]
Dinur I and Shamir A Joux A Breaking Grain-128 with dynamic cube attacks Fast Software Encryption 2011 Heidelberg Springer 167-187
[21]
Fu X, Wang X, Chen J, and Stevens M Determining the nonexistent terms of non-linear multivariate polynomials: how to break Grain-128 more efficiently IACR Cryptol. ePrint Archive 2017 2017 412
[22]
Ghafari, V.A., Hu, H.: A new chosen IV statistical attack on Grain-128a cipher. In: 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), pp. 58–62. IEEE (2017)
[23]
Ghafari, V.A., Hu, H., Xie, C.: Fruit: ultra-lightweight stream cipher with shorter internal state. eSTREAM, ECRYPT Stream Cipher Project (2016)
[24]
Golić JD Fumy W Cryptanalysis of alleged A5 stream cipher Advances in Cryptology — EUROCRYPT ’97 1997 Heidelberg Springer 239-255
[25]
Hamann M and Krause M On stream ciphers with provable beyond-the-birthday-bound security against time-memory-data tradeoff attacks Cryptogr. Commun. 2018 10 5 959-1012
[26]
Hamann M, Krause M, and Meier W Lizard-a lightweight stream cipher for power-constrained devices IACR Trans. Symmetric Cryptol. 2017 2017 1 45-79
[27]
Hell, M., Johansson, T., Maximov, A., Meier, W.: A stream cipher proposal: Grain-128. In: 2006 IEEE International Symposium on Information Theory, pp. 1614–1618. IEEE (2006)
[28]
Hell M, Johansson T, and Meier W Grain: a stream cipher for constrained environments Int. J. Wirel. Mob. Comput. 2007 2 1 86-93
[29]
Hoch JJ and Shamir A Joye M and Quisquater J-J Fault analysis of stream ciphers Cryptographic Hardware and Embedded Systems - CHES 2004 2004 Heidelberg Springer 240-253
[30]
Honeywell: IT70 Secure Passive RFID Tag. Technical Specifications (2017). https://www.honeywellaidc.com/products/rfid/tags-labels/it70
[31]
ISO/IEC 29192-3:2012 information technology - security techniques - lightweight cryptography - part 3: Stream ciphers (2012)
[32]
ISO/IEC 18033-1:2015 information technology - security techniques - encryption algorithms - part 1: General (2015)
[33]
ISO/IEC 29167-13:2015 information technology – automatic identification and data capture techniques – part 13: Crypto suite Grain-128A security services for air interface communications (2015)
[34]
Jiao L, Zhang B, and Wang M Lopez J and Mitchell CJ Two generic methods of analyzing stream ciphers Information Security 2015 Cham Springer 379-396
[35]
Karlsson L, Hell M, and Stankovski P Mori P, Furnell S, and Camp O Not so greedy: enhanced subset exploration for nonrandomness detectors Information Systems Security and Privacy 2018 Cham Springer 273-294
[36]
Karmakar S and Roy Chowdhury D Nitaj A and Pointcheval D Fault analysis of Grain-128 by targeting NFSR Progress in Cryptology – AFRICACRYPT 2011 2011 Heidelberg Springer 298-315
[37]
Khazaei S, Hasanzadeh MM, and Kiaei MS Linear sequential circuit approximation of Grain and Trivium stream ciphers IACR Cryptol. ePrint Archive 2006 2006 141
[38]
Knellwolf S, Meier W, and Naya-Plasencia M Abe M Conditional differential cryptanalysis of NLFSR-based cryptosystems Advances in Cryptology - ASIACRYPT 2010 2010 Heidelberg Springer 130-145
[39]
Lehmann M and Meier W Pieprzyk J, Sadeghi A-R, and Manulis M Conditional differential cryptanalysis of Grain-128a Cryptology and Network Security 2012 Heidelberg Springer 1-11
[40]
Ma Z, Tian T, and Qi WF Conditional differential attacks on Grain-128a stream cipher IET Inf. Secur. 2016 11 3 139-145
[41]
Meier W, Pasalic E, and Carlet C Cachin C and Camenisch JL Algebraic attacks and decomposition of Boolean functions Advances in Cryptology - EUROCRYPT 2004 2004 Heidelberg Springer 474-491
[42]
Mikhalev, V., Armknecht, F., Müller, C.: On ciphers that continuously access the non-volatile key. IACR Transaction Symmetric Cryptology, pp. 52–79 (2016)
[43]
Sarkar S, Banik S, and Maitra S Differential fault attack against Grain family with very few faults and minimal assumptions IEEE Trans. Comput. 2015 64 6 1647-1657
[44]
Stankovski P Gong G and Gupta KC Greedy distinguishers and nonrandomness detectors Progress in Cryptology - INDOCRYPT 2010 2010 Heidelberg Springer 210-226
[45]
Todo Y Oswald E and Fischlin M Structural evaluation by generalized integral property Advances in Cryptology – EUROCRYPT 2015 2015 Heidelberg Springer 287-314
[46]
Todo Y, Isobe T, Meier W, Aoki K, and Zhang B Shacham H and Boldyreva A Fast correlation attack revisited Advances in Cryptology – CRYPTO 2018 2018 Cham Springer 129-159
[47]
Wang Q, Hao Y, Todo Y, Li C, Isobe T, and Meier W Shacham H and Boldyreva A Improved division property based cube attacks exploiting algebraic properties of superpoly Advances in Cryptology – CRYPTO 2018 2018 Cham Springer 275-305
[48]
Watanabe, D., Owada, T., Okamoto, K., Igarashi, Y., Kaneko, T.: Update on Enocoro stream cipher. In: 2010 International Symposium on Information Theory its Applications, pp. 778–783, October 2010
[49]
Zhang B, Gong X, and Meier W Fast correlation attacks on Grain-like small state stream ciphers IACR Trans. Symmetric Cryptol. 2017 2017 4 58-81
[50]
Ågren M, Hell M, Johansson T, and Meier W Grain-128a: a new version of Grain-128 with optional authentication Int. J. Wirel. Mob. Comput. 2011 5 1 48-59
Recommendations
Cryptanalysis of the Full Spritz Stream Cipher
FSE 2016: Revised Selected Papers of the 23rd International Conference on Fast Software Encryption - Volume 9783Spritz is a stream cipher proposed by Rivest and Schuldt at the rump session of CRYPTO 2014. It is intended to be a replacement of the popular RC4 stream cipher. In this paper we propose distinguishing attacks on the full Spritz, based on a short-term ...
Finding state collisions in the authenticated encryption stream cipher ACORN
ACSW '16: Proceedings of the Australasian Computer Science Week MulticonferenceThis paper analyzes the authenticated encryption algorithm ACORN, a candidate in the CAESAR cryptographic competition. We identify weaknesses in the state update function of ACORN which result in collisions in the internal state of ACORN. This paper ...
Security Analysis of the RC4+ Stream Cipher
Proceedings of the 14th International Conference on Progress in Cryptology INDOCRYPT 2013 - Volume 8250The RC4+ stream cipher was proposed by Maitra and Paul at Indocrypt 2008. The authors had claimed that RC4+ ironed out most of the weaknesses of the alleged RC4 stream cipher and was only marginally slower than RC4 in software. In this paper we show that ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Apr 2019
484 pages
ISBN:978-3-030-16457-7
DOI:10.1007/978-3-030-16458-4
© Springer Nature Switzerland AG 2019.
Publisher
Springer-Verlag
Berlin, Heidelberg
Publication History
Published: 22 April 2019
Author Tags
Qualifiers
- Article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 21 Nov 2024
Other Metrics
Citations
View Options
View options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in