An Improved Fast Correlation Attack on Fruit-80

Abstract

In recent years, small-state stream ciphers (SSCs) has drawn serious attention, whose proposal is to reduce the internal state without harming its security against time-memory-data (TMD) tradeoff attacks. The idea of it allows designing stream ciphers with small area size and low power consumption. It is regarded as a promising low-cost solution for IoT security. A small-state stream cipher is highly efficient in terms of hardware cost. Compared to conventional designs, the most significant advantage of the proposed designs is that they are highly efficient in terms of hardware cost. Based on the idea, the first small-state stream cipher was proposed in 2015, named Sprout. But soon it was proved to be insecure. However, its design shows a hopeful direction of designing stream ciphers. Then, more small-state stream ciphers are proposed. Unfortunately, the lack of enough theoretical work towards small-state stream cipher apparently restricts its development. This motivates researchers to study the security of these small-state stream ciphers. Fruit-80 is the final version of Grain-like small-state stream cipher proposed in 2018. In this paper, by combining the fast correlation attack algorithms for small-state stream ciphers with a technique-elimination by factorization, we present a fast correlation attack (FCA) on Fruit-80 with the data complexity \( 2^{23.35} \) and the time complexity \( 2^{72.71} \). It can be seen from the analysis that the design is insecure and we need further study.