Published: July 24, 2013
Author(s)
S. Banik, S. Maitra, S. Sarkar, Meltem Sönmez Turan
Conference
Name: 18th Australasian Conference on Information Security and Privacy (ACISP 2013)
Dates: July 1-3, 2013
Location: Brisbane, Australia
Citation: Information Security and Privacy, Lecture Notes in Computer Science vol. 7959, pp. 13-26
Announcement
Due to the symmetric padding used in the stream cipher Grain v1 and Grain-128, it is possible to find Key-IV pairs that generate shifted keystreams efficiently. Based on this observation, Lee et al. presented a chosen IV related Key attack on Grain v1 and Grain-128 at ACISP 2008. Later, the designers introduced Grain-128a having an asymmetric padding. As a result, the existing idea of chosen IV related Key attack does not work on this new design. In this paper, we present a Key recovery attack on Grain-128a, in a chosen IV related Key setting. We show that using around ?·2^32 (? is a experimentally determined constant and it is sufficient to estimate it as 2^8) related Keys and ?·2^64 chosen IVs, it is possible to obtain 32·? simple nonlinear equations and solve them to recover the Secret Key in Grain-128a.
Due to the symmetric padding used in the stream cipher Grain v1 and Grain-128, it is possible to find Key-IV pairs that generate shifted keystreams efficiently. Based on this observation, Lee et al. presented a chosen IV related Key attack on Grain v1 and Grain-128 at ACISP 2008. Later, the...
See full abstract
Due to the symmetric padding used in the stream cipher Grain v1 and Grain-128, it is possible to find Key-IV pairs that generate shifted keystreams efficiently. Based on this observation, Lee et al. presented a chosen IV related Key attack on Grain v1 and Grain-128 at ACISP 2008. Later, the designers introduced Grain-128a having an asymmetric padding. As a result, the existing idea of chosen IV related Key attack does not work on this new design. In this paper, we present a Key recovery attack on Grain-128a, in a chosen IV related Key setting. We show that using around ?·2^32 (? is a experimentally determined constant and it is sufficient to estimate it as 2^8) related Keys and ?·2^64 chosen IVs, it is possible to obtain 32·? simple nonlinear equations and solve them to recover the Secret Key in Grain-128a.
Hide full abstract
Keywords
cryptography; eStream; Grain-128a; related keys; stream ciphers
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
