
Grain-128a: a new version of Grain-128 with optional authentication

Published: 01 December 2011

Abstract

A new version of the stream cipher Grain-128 is proposed. The new version, Grain-128a, is strengthened against all known attacks and observations on the original Grain-128, and has built-in support for optional authentication. The changes are modest, keeping the basic structure of Grain-128. This gives high confidence in Grain-128a and allows easy updating of existing implementations.



Published In

International Journal of Wireless and Mobile Computing, Volume 5, Issue 1
December 2011
106 pages
ISSN: 1741-1084
EISSN: 1741-1092

Publisher

Inderscience Publishers

Geneva 15, Switzerland

Qualifiers

  • Article

Cited By

  • (2024) Improved Fast Correlation Attack Using Multiple Linear Approximations and Its Application on SOSEMANUK. IEEE Transactions on Information Theory, 70(10), pp. 7484-7497. doi:10.1109/TIT.2024.3409331. Online publication date: 1 Oct 2024.
  • (2024) Multivariate correlation attacks and the cryptanalysis of LFSR-based stream ciphers. Designs, Codes and Cryptography, 92(11), pp. 3391-3427. doi:10.1007/s10623-024-01444-4. Online publication date: 1 Nov 2024.
  • (2023) Efficient (Masked) Hardware Implementation of Grain-128AEADv2. Security and Communication Networks, 2023. doi:10.1155/2023/8044164. Online publication date: 1 Jan 2023.
  • (2023) Conditional TMDTO as a MILP Instance. IEEE Transactions on Information Theory, 69(5), pp. 3330-3346. doi:10.1109/TIT.2022.3230910. Online publication date: 1 May 2023.
  • (2023) An Improved Method for Evaluating Secret Variables and Its Application to WAGE. Information Security and Cryptology, pp. 360-378. doi:10.1007/978-981-97-0942-7_18. Online publication date: 9 Dec 2023.
  • (2023) Grover on Chosen IV Related Key Attack Against GRAIN-128a. Progress in Cryptology – INDOCRYPT 2023, pp. 287-306. doi:10.1007/978-3-031-56232-7_14. Online publication date: 10 Dec 2023.
  • (2023) Optimized Stream-Cipher-Based Transciphering by Means of Functional-Bootstrapping. Data and Applications Security and Privacy XXXVII, pp. 91-109. doi:10.1007/978-3-031-37586-6_6. Online publication date: 19 Jul 2023.
  • (2023) Key Recovery Attacks on Grain-Like Keystream Generators with Key Injection. Information Security and Privacy, pp. 89-108. doi:10.1007/978-3-031-35486-1_5. Online publication date: 5 Jul 2023.
  • (2022) Some Conditional Cube Testers for Grain-128a of Reduced Rounds. IEEE Transactions on Computers, 71(6), pp. 1374-1385. doi:10.1109/TC.2021.3085144. Online publication date: 1 Jun 2022.
  • (2022) Securing Medical Data by Combining Encryption and Robust Blind Medical Image Watermarking Based on Zaslavsky Chaotic Map and DCT Coefficients. SN Computer Science, 3(2). doi:10.1007/s42979-021-01012-w. Online publication date: 7 Jan 2022.
