LIZARD – A Lightweight Stream Cipher for Power-constrained Devices

Abstract

Time-memory-data (TMD) tradeoff attacks limit the security level of many classical stream ciphers (like E 0 , A5/1, Trivium, Grain) to 1 / 2 n , where n denotes the inner state length of the underlying keystream generator. In this paper, we present Lizard, a lightweight stream cipher for power-constrained devices like passive RFID tags. Its hardware efficiency results from combining a Grain-like design with the FP (1)-mode, a recently suggested construction principle for the state initialization of stream ciphers, which offers provable 2 / 3 n -security against TMD tradeoff attacks aiming at key recovery. Lizard uses 120-bit keys, 64-bit IVs and has an inner state length of 121 bit. It is supposed to provide 80-bit security against key recovery attacks. Lizard allows to generate up to 2 18 keystream bits per key/IV pair, which would be sufficient for many existing communication scenarios like Bluetooth, WLAN or HTTPS.