Abstract

In this paper, we study the security of Grain-like small state stream ciphers by fast correlation attacks, which are commonly regarded as classical cryptanalytic methods against LFSR-based stream ciphers. We extend the cascaded structure adopted in such primitives in general and show how to restore the full internal state part-by-part if the non-linear combining function meets some characteristic. As a case study, we present a key recovery attack against Fruit, a tweaked version of Sprout that employs key-dependent state updating in the keystream generation phase. Our attack requires 2^62.8 Fruit encryptions and 2^22.3 keystream bits to determine the 80-bit secret key. Practical simulations on a small-scale version confirmed our results.

Highlights

  • Design of secure small state stream ciphers for constrained hardware applications is an important line of work in recent years, which extends the design paradigm domain of lightweight stream ciphers in theory and provides interesting primitives for low power devices like passive RFID tags in practice

  • We study the security of these Grain-like small state stream ciphers by fast correlation attacks, the classical cryptanalytic methods against LFSR-based stream ciphers

  • Inspired by Fruit as well as by other similar primitives, we present the generalized model for Grain-like small state stream ciphers as depicted in Fig. 2, which is helpful in the sense that we could study some special properties/choices more clearly in a unified framework


Summary

Introduction

Design of secure small state stream ciphers for constrained hardware applications is an important line of work in recent years, which extends the design paradigm domain of lightweight stream ciphers in theory and provides interesting primitives for low power devices like passive RFID tags in practice. Such small state ciphers often utilize key-dependent state updating in both the initialization and keystream generation phases to thwart time/memory/data tradeoff attacks [5], and non-linear feedback shift registers (NFSR) are the main building blocks used to resist (fast) correlation [6, 7, 8, 19, 20, 24] and algebraic attacks [9, 10].

The Grain-like Small State Stream Ciphers
Description of Fruit
The Generalized Model
A General Description of Our Attack
Preparing the Parity-checks
Degrading the System
Expressing the NFSR variables
Constructing the Parity-checks
A Divide-and-Conquer Fast Correlation Attack
The Multi-pass Strategy
Independent Recovery of the FSR Initial State
Recovery of the NFSR Initial State
Recovery of the Secret Information Bits Within one Cycle
Complexity Analysis
The Experimental Results
Conclusions
