Abstract

In Fast Software Encryption (FSE) 2015, Sprout was proposed together with a new design idea: stream ciphers with a small internal state that use the secret key not only in the initialization but also in the keystream generation. Sprout was insecure, and an improved version of Sprout was presented in FSE 2017. We introduced the Fruit stream cipher informally in 2016 on the IACR web page (eprint), and a few cryptanalyses were published on it. Fortunately, the main structure of Fruit proved resistant. Now, Fruit-80 is presented as a final version that is easier to implement and is secure. The combined size of the LFSR and NFSR in Fruit-80 is only 80 bits (for an 80-bit security level), whereas for resistance to the classical time-memory-data tradeoff (TMDTO) attacks the internal state size should be at least twice the security level. To satisfy this rule and to design a concrete cipher, we used some new design ideas. It seems that the bottleneck in designing an ultra-lightweight stream cipher is TMDTO distinguishing attacks. A countermeasure was suggested previously, and another countermeasure is proposed here. Fruit-80 is better than other small-state stream ciphers in terms of initialization speed and area size in hardware. Using the new idea, many stream ciphers could be redesigned to achieve a significantly smaller area size.

Highlights

  • Nowadays the need for secure lightweight symmetric ciphers is obviously greater than it was at the time of the eSTREAM project

  • Storing key bits for reuse with different IVs is essential for most applications, and in some applications the key must be stored in a fixed memory

  • Fruit-80, Plantlet, Lizard, and Grain-v1 require 960, 996, 1218, and 1270 GE for implementations in TSMC 0.18 μm technology, respectively. These results show that Fruit-80 is the lightest small-state stream cipher and the area size of Grain-v1 is about 32% bigger than that of Fruit-80


Summary

Introduction

Nowadays the need for secure lightweight symmetric ciphers is obviously greater than it was at the time of the eSTREAM project. Fruit-80 is presented as the final version that is easier to implement and secure. It seems that the bottleneck in designing a secure ultra-lightweight stream cipher is TMDTO distinguishing attacks. TMDTO distinguishing attacks were successfully applied to all of the small-state stream ciphers (i.e., Sprout, Fruit, and Plantlet [24]). The necessary condition for a stream cipher to be resistant to TMDTO attacks is that the internal state size should be at least twice its security level, as in Trivium, MICKEY 2.0, and Grain-v1. Fruit-80 is the lightest small-state stream cipher, and the area size of Grain-v1 is about 32% bigger than that of Fruit-80. These results are expected because the internal state sizes of Fruit-80, Plantlet, Lizard, and Grain-v1 are 87, 101, 121, and 160 bits, respectively.
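The design idea that the abstract and the introduction revolve around, a keystream generator that consults the secret key during keystream generation and not only during initialization, is illustrated below with a deliberately tiny toy cipher. This is an added example written for this page; it is not Fruit-80 and not the authors' code, and the 16-bit registers, tap positions, state loading and round key function are all constructed assumptions with no security claim. What it demonstrates is the property that matters for the TMDTO discussion: when the key enters only the initialization, two instances forced into the same internal state emit the same keystream, so the keystream is a function of the internal state alone (exactly what a classical state-recovery TMDTO table exploits); when a round key function feeds key bits into the state update, the same internal state yields different keystream under different keys.

```python
"""Toy illustration (written for this page; NOT Fruit-80 or any real cipher) of a
Grain-like LFSR/NFSR keystream generator whose secret key is used in keystream
generation through a round key function, not only in the initialization.
Register sizes, tap positions, loading and the round key function are
constructed for the example and carry no security claim."""

LFSR_BITS = 16
NFSR_BITS = 16
KEY_BITS = 32
IV_BITS = 16
INIT_CLOCKS = 64


def _bits(value, n):
    """Little-endian list of the n low-order bits of an integer."""
    return [(value >> i) & 1 for i in range(n)]


class ToySmallStateCipher:
    def __init__(self, key, iv, key_in_keystream=True):
        self.key = _bits(key, KEY_BITS)
        self.key_in_keystream = key_in_keystream
        self.t = 0  # clock counter driving the (constructed) round key function
        # Constructed loading: key halves into both registers, IV XORed into the LFSR.
        self.nfsr = self.key[:NFSR_BITS]
        self.lfsr = [a ^ b for a, b in zip(self.key[NFSR_BITS:], _bits(iv, IV_BITS))]
        for _ in range(INIT_CLOCKS):
            self._clock(init=True)
        self.t = 0  # keystream generation starts the counter afresh

    def _round_key(self):
        """Constructed round key function: XOR of two counter-selected key bits.
        Returns 0 when the key is used only in the initialization."""
        if not self.key_in_keystream:
            return 0
        return self.key[self.t % KEY_BITS] ^ self.key[(3 * self.t + 1) % KEY_BITS]

    def _output(self):
        """Constructed Grain-style filter over both registers."""
        l, n = self.lfsr, self.nfsr
        return l[1] ^ l[4] ^ n[1] ^ n[13] ^ (l[6] & n[8]) ^ (l[9] & l[12]) ^ (n[4] & l[14])

    def _clock(self, init=False):
        l, n = self.lfsr, self.nfsr
        z = self._output()
        fl = l[0] ^ l[2] ^ l[3] ^ l[5]                       # linear LFSR feedback
        fn = (n[0] ^ n[3] ^ n[7] ^ (n[4] & n[10]) ^ (n[6] & n[9] & n[11])
              ^ l[0] ^ self._round_key())                    # nonlinear NFSR feedback + round key bit
        if init:  # Grain-style: feed the output back into both registers during initialization
            fl ^= z
            fn ^= z
        self.lfsr = l[1:] + [fl]
        self.nfsr = n[1:] + [fn]
        self.t += 1
        return z

    def keystream(self, nbits):
        return [self._clock() for _ in range(nbits)]


def xor_bytes(data, key, iv):
    """Encrypt or decrypt bytes by XOR with the keystream (same call in both directions)."""
    ks = ToySmallStateCipher(key, iv).keystream(8 * len(data))
    out = bytearray()
    for i, byte in enumerate(data):
        k = sum(bit << j for j, bit in enumerate(ks[8 * i:8 * i + 8]))
        out.append(byte ^ k)
    return bytes(out)


def state_alone_determines_keystream(key_in_keystream, nbits=64):
    """Force two instances with different keys into the SAME internal state and
    counter value, then compare their keystream.  True means the keystream is a
    function of the internal state alone (the classical TMDTO situation)."""
    a = ToySmallStateCipher(0x1234ABCD, 0x0F0F, key_in_keystream)
    b = ToySmallStateCipher(0x1234ABCD ^ 1, 0x0F0F, key_in_keystream)  # keys differ in bit 0 only
    b.lfsr, b.nfsr, b.t = list(a.lfsr), list(a.nfsr), a.t
    return a.keystream(nbits) == b.keystream(nbits)


if __name__ == "__main__":
    print("key only in init, same state -> same keystream:", state_alone_determines_keystream(False))
    print("round key in keystream, same state -> same keystream:", state_alone_determines_keystream(True))
```

With the key confined to the initialization, `state_alone_determines_keystream(False)` returns True; with the round key function active it returns False, because the two instances inject a different round key bit into the NFSR feedback at the first clock and that difference reaches a linear tap of the output function three clocks later. The toy says nothing about the actual TMDTO cost of Fruit-80, whose analysis in the paper also has to account for the counter and the key-dependent state update; it only makes concrete why a table indexed by internal state alone no longer suffices once the key takes part in keystream generation.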

The Design of Fruit-80
Initialization of the Cipher
Limitation for Producing Keystream
Round Key Function
Number of Clocks in the Initialization
Output Function
The Resistance to Known Attacks
TMDTO Attacks
Guess and Determine Attacks
Linear Approximation Attacks
Related-Key Attacks
Cube Attacks
Algebraic Attacks
Fault Attacks
Weak Key-IVs
Hardware Implementation
Findings
Conclusions