Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Designs, Codes and Cryptography
Published in: Designs, Codes and Cryptography 3/2022

21-01-2022

A state bit recovery algorithm with TMDTO attack on Lizard and Grain-128a

Authors: Deepak Kumar Dalai, Santu Pal, Santanu Sarkar

Published in: Designs, Codes and Cryptography | Issue 3/2022

Login to get access

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

We propose a deterministic algorithm to recover some state bits of any FSR-based stream cipher knowing some keystream bits by fixing some state bits. This algorithm searches for the number of fixing bits as minimum as possible. Applying the algorithm, we could recover \(10,11, \ldots , 24\) state bits by fixing 10, 12, 14, 16, 18, 20, 22, 24, 38, 40, 42, 44, 46, 48, 50 state bits respectively for Lizard and 35, 48 state bits by fixing 34, 54 state bits respectively for Grain-128a. The result on Lizard beats the previous result, which can recover 14 state bits by fixing 30 state bits and the result on Grain-128a is the first one in this direction. Further, we present the Time-Memory-Data Trade-Off (TMDTO) curve by using the number of recovering and fixing state bits. Then we use the obtained results on the number of recovering and fixing state bits of Lizard and Grain 128a to implement the TMDTO attack to recover other state bits of these two ciphers. Our results supersede the previous result by Maitra et al. (IEEE Trans Comput 67(5):733–739, 2018) (i.e., \(T = M = D =2^{54}\)) on TMDTO attack on Lizard. The best results for Lizard are
1.
\(T = M = 2^{54}, D = 2^{48}\) which requires 64 times lesser data than in Maitra et al. (IEEE Trans Comput 67(5):733–739, 2018);
 
2.
\(T = 2^{52}, M = D = 2^{53}\) or, \(D = 2^{52}, M = T = 2^{53}\) which improves the minimization of \( \max \{T, M, D\}\);
 
3.
\(T = 2^{50}, M = D = 2^{54}\), which reduces the time complexity by 16 times than in Maitra et al. (IEEE Trans Comput 67(5):733–739, 2018);
 
4.
\(T = 2^{42}, M = D = 2^{60}\) which reduces the time complexity by \(2^{18}\) times with respect to overall complexity of Lizard claimed by Hamann et al. in FSE 2017.
 
next article From primary to dual affine variety codes over the Klein quartic
Appendix
Available only for authorised users
Literature
1.
Ågren M., Hell M., Johansson T., Meier W.: Grain-128a: a new version of Grain-128 with optional authentication. IJWMC 5(1), 48–59 (2011).CrossRef
2.
Babbage S.: A space/time tradeoff in exhaustive search attacks on stream ciphers. In: European Convention on Security and Detection, vol. 408. IEE Conference Publication (1995).
3.
Banik S., Maitra S., Sarkar S.: A differential fault attack on Grain-128a using macs. In: Second International Conference, SPACE 2012, vol. 7644 of Lecture Notes in Computer Science, pp. 111–125. Springer (2012).
4.
Banik S., Maitra S., Sarkar S., Turan M.S.: A chosen IV related key attack on Grain-128a. In: 18th Australasian Conference, ACISP 2013, vol. 7959 of Lecture Notes in Computer Science, pp. 13–26. Springer (2013).
5.
Banik S., Isobe T., Cui T., Guo J.: Some cryptanalytic results on Lizard. IACR Trans. Symmetric Cryptol. 2017(4), 82–98 (2017).CrossRef
6.
Biryukov A., Shamir A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Advances in Cryptology—ASIACRYPT 2000, vol. 1976 in Lecture Notes in Computer Science, pp. 1–13. Springer (2000).
7.
Biryukov A., Shamir A., Wagner D.: Real time cryptanalysis of A5/1 on a pc. In: Fast Software Encryption–FSE 2000, vol. 1978 in Lecture Notes in Computer Science, pp. 1–18. Springer (2001).
8.
9.
Dalai D.K., Pal S.: Recovering internal states of Grain-v1. In: Information Security Practice and Experience—ISPEC 2019, vol. 11879 in Lecture Notes in Computer Science, pp. 325–337. Springer (2019).
10.
Ding L., Jin C., Guan J., Qi C.: New treatment of the BSW sampling and its applications to stream ciphers. In: Progress in Cryptology—AFRICACRYPT 2014, vol. 8469 in Lecture Notes in Computer Science, pp. 136–146. Springer (2014).
11.
Ding L., Jin C., Guan J., Zhang S., Li J., Wang H., Zhao W.: New state recovery attacks on the Grain-v1 stream cipher. China Commun. 13(11), 180–188 (2016).CrossRef
12.
Dunkelman O., Nathan K.: Treatment of the initial value in time-memory-data tradeoff attacks on stream ciphers. Inf. Process. Lett. 107(5), 133–137 (2008).MathSciNetCrossRef
13.
14.
Golić J.D.: Cryptanalysis of alleged A5 stream cipher. In: Advances in Cryptology—EUROCRYPT 1997, vol. 1233 in Lecture Notes in Computer Science, pp. 239–255. Springer (1997).
15.
Hamann M., Krause M., Meier W.: LIZARD–a lightweight stream cipher for power-constrained devices. IACR Trans. Symmetric Cryptol. 2017(1), 45–79 (2017).CrossRef
16.
Hell M., Johansson T., Meier W.: Grain: a stream cipher for constrained environments. Int. J. Wirel. Mob. Comput. 2(1), 86–93 (2007).CrossRef
17.
18.
Jiao L., Zhang B., Wang M.: Two generic methods of analyzing stream ciphers. In: International Conference on Information Security—ISC 2015, vol. 9290 in Lecture Notes in Computer Science, pp. 379–396. Springer (2015).
19.
Lehmann M., Meier W.: Conditional differential cryptanalysis of Grain-128a. In: Cryptology and Network Security, 11th International Conference, CANS 2012. Proceedings, vol. 7712, pp. 1–11. Springer (2012).
20.
Maitra S., Sinha N., Siddhanti A., Anand R., Gangopadhyay S.: A TMDTO attack against Lizard. IEEE Trans. Comput. 67(5), 733–739 (2018).MathSciNetCrossRef
21.
Mihaljević M., Sinha N., Gangopadhyay S., Maitra S., Paul G., Matsuura K.: An improved cryptanalysis of lightweight stream cipher Grain-v1. In: Cryptacus: Workshop and MC Meeting (2017).
22.
23.
Todo Y., Isobe T., Meier W., Aoki K., Zhang B.: Fast correlation attack revisited—cryptanalysis on full Grain-128a,Grain-128, and Grain-v1. In: Advances in Cryptology—CRYPTO 2018, vol.10992 of Lecture Notes in Computer Science, pp. 129–159. Springer (2018).
24.
van den Broek F., Poll E.: A comparison of time-memory trade-off attacks on stream ciphers. In: Progress in Cryptology—AFRICACRYPT 2013, vol. 7918 in Lecture Notes in Computer Science, pp. 406–423. Springer (2013).
Metadata
Title
A state bit recovery algorithm with TMDTO attack on Lizard and Grain-128a
Authors
Deepak Kumar Dalai
Santu Pal
Santanu Sarkar
Publication date
21-01-2022
Publisher
Springer US
Published in
Designs, Codes and Cryptography / Issue 3/2022
Print ISSN: 0925-1022
Electronic ISSN: 1573-7586
DOI
https://doi.org/10.1007/s10623-021-00984-3

Other articles of this Issue 3/2022

Designs, Codes and Cryptography 3/2022 Go to the issue

OriginalPaper

Efficient quantum homomorphic encryption scheme with flexible evaluators and its simulation

OriginalPaper

Cameron–Liebler k-sets in subspaces and non-existence conditions

OriginalPaper

Linear codes from support designs of ternary cyclic codes

OriginalPaper

Uniqueness of the inversive plane of order sixty-four

OriginalPaper

On the locality of quasi-cyclic codes over finite fields

OriginalPaper

On subset-resilient hash function families

Premium Partner

    Image Credits