nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

On the Data Limitation of Small-State Stream Ciphers: Correlation Attacks on Fruit-80 and Plantlet

verfasst von : Yosuke Todo, Willi Meier, Kazumaro Aoki

Erschienen in: Selected Areas in Cryptography – SAC 2019

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Many cryptographers have focused on lightweight cryptography, and a huge number of lightweight block ciphers have been proposed. On the other hand, designing lightweight stream ciphers is a challenging task due to the well-known security criteria, i.e., the state size of stream ciphers must be at least twice the key size. The designers of Sprout addressed this issue by involving the secret key not only in the initialization but also in the keystream generation, and the state size of such stream ciphers can be smaller than twice the key size. After the seminal work, some small-state stream ciphers have been proposed such as Fruit, Plantlet, and LIZARD. Unlike conventional stream ciphers, these small-state stream ciphers have the limitation of keystream bits that can be generated from the same key and IV pair. In this paper, our motivation is to show whether the data limitation claimed by the designers is proper or not. The correlation attack is one of the attack methods exploiting many keystream bits generated from the same key and IV pair, and we apply it to Fruit-80 and Plantlet. As a result, we can break the full Fruit-80, i.e., the designers’ data limitation is not sufficient. We can also recover the secret key of Plantlet if it allows about \(2^{53}\) keystream bits from the same key and IV pair.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Tight Security Bounds for Generic Stream Cipher Constructions

Nächstes Kapitel A Lightweight Alternative to PMAC

Nur mit Berechtigung zugänglich

If the correct initial state is guessed, it follows \(\mathcal{N}(Nc, N-Nc^2)\). However, since N is huge and \(N c^2\) is small, \(\mathcal{N}(Nc, N)\) is enough to approximate the distribution.

Another contribution of [20] is to show the link between the parity-check equation and the multiplication over a finite field. This link is used to execute the correlation attack without guessing the whole of the initial state of the LFSR, but we do not use this technique because the size of the LFSR is small enough.

Bogdanov, A., Knudsen, L.R., Leander, G., Paar, C., Poschmann, A., Robshaw, M.J.B., Seurin, Y., Vikkelsoe, C.: PRESENT: an ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_31CrossRef

Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_22CrossRef

Beierle, C., Jean, J., Kölbl, S., Leander, G., Moradi, A., Peyrin, T., Sasaki, Y., Sasdrich, P., Sim, S.M.: The SKINNY family of block ciphers and its low-latency variant MANTIS. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 123–153. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53008-5_5CrossRef

Banik, S., Pandey, S.K., Peyrin, T., Sasaki, Y., Sim, S.M., Todo, Y.: GIFT: a small Present. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 321–345. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_16CrossRef

Babbage, S.H.: Improved “exhaustive search” attacks on stream ciphers. In: European Convention on Security and Detection 1995, pp. 161–166 (1995)

Golić, J.D.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_17CrossRef

Biryukov, A., Shamir, A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44448-3_1CrossRef

Armknecht, F., Mikhalev, V.: On lightweight stream ciphers with shorter internal states. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 451–470. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48116-5_22CrossRef

Lallemand, V., Naya-Plasencia, M.: Cryptanalysis of full Sprout. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 663–682. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_32CrossRef

10.

Esgin, M.F., Kara, O.: Practical cryptanalysis of full Sprout with TMD tradeoff attacks. In: Dunkelman, O., Keliher, L. (eds.) SAC 2015. LNCS, vol. 9566, pp. 67–85. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31301-6_4CrossRef

11.

Banik, S.: Some results on Sprout. In: Biryukov, A., Goyal, V. (eds.) INDOCRYPT 2015. LNCS, vol. 9462, pp. 124–139. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26617-6_7CrossRef

12.

Zhang, B., Gong, X.: Another tradeoff attack on Sprout-like stream ciphers. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 561–585. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_23CrossRef

13.

Ghafari, V.A., Hu, H., Xie, C.: Fruit: ultra-lightweight stream cipher with shorter internal state. Cryptology ePrint Archive, Report 2016/355 (2016). http://eprint.iacr.org/2016/355

14.

Dey, S., Sarkar, S.: Cryptanalysis of full round Fruit. Cryptology ePrint Archive, Report 2017/087 (2017). http://eprint.iacr.org/2017/087

15.

Zhang, B., Gong, X., Meier, W.: Fast correlation attacks on Grain-like small state stream ciphers. IACR Trans. Symm. Cryptol. 2017(4), 58–81 (2017). https://doi.org/10.13154/tosc.v2017.i4.58-81CrossRef

16.

Ghafari, V.A., Hu, H., Chen, Y.: Fruit-v2: ultra-lightweight stream cipher with shorter internal state. IACR Cryptology ePrint Archive 2016, 355 (2016)

17.

Ghafari, V.A., Hu, H., Alizadeh, M.: Necessary conditions for designing secure stream ciphers with the minimal internal states. Cryptology ePrint Archive, Report 2017/765 (2017). http://eprint.iacr.org/2017/765

18.

Ghafari, V.A., Hu, H.: Fruit-80: a secure ultra-lightweight stream cipher for constrained environments. Entropy 20(3), 180 (2018)CrossRef

19.

Mikhalev, V., Armknecht, F., Müller, C.: On ciphers that continuously access the non-volatile key. IACR Trans. Symm. Cryptol. 2016(2), 52–79 (2016). https://doi.org/10.13154/tosc.v2016.i2.52-79CrossRef

20.

Todo, Y., Isobe, T., Meier, W., Aoki, K., Zhang, B.: Fast correlation attack revisited. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 129–159. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_5CrossRef

21.

Matsui, M.: On correlation between the order of S-boxes and the strength of DES. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 366–375. Springer, Heidelberg (1995). https://doi.org/10.1007/BFb0053451CrossRef

22.

Siegenthaler, T.: Correlation-immunity of nonlinear combining functions for cryptographic applications. IEEE Trans. Inf. Theory 30(5), 776–780 (1984)MathSciNetCrossRef

23.

Meier, W., Staffelbach, O.: Fast correlation attacks on certain stream ciphers. J. Cryptol. 1(3), 159–176 (1989)MathSciNetCrossRef

24.

Chose, P., Joux, A., Mitton, M.: Fast correlation attacks: an algorithmic point of view. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 209–221. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_14CrossRef

25.

Ågren, M., Hell, M., Johansson, T., Meier, W.: Grain-128a: a new version of Grain-128 with optional authentication. IJWMC 5(1), 48–59 (2011)CrossRef

Titel: On the Data Limitation of Small-State Stream Ciphers: Correlation Attacks on Fruit-80 and Plantlet
verfasst von: Yosuke Todo
Willi Meier
Kazumaro Aoki
Verlag: Springer International Publishing
Buch: Selected Areas in Cryptography – SAC 2019
Print ISBN: 978-3-030-38470-8

Electronic ISBN: 978-3-030-38471-5

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-38471-5_15

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner