Parametric Guess and Determine Attack on Stream Ciphers

Abstract

Due to the rapid evolution and usage of IoT devices in the world, the need for lightweight cryptography for resource-constrained devices gained a great importance. Although it has been common in the cryptology community that stream ciphers are supposed to be more efficient in speed and area than block ciphers, it has been seen in the last 10–15 years that most of ciphers designed for resource-constrained devices to take up less area and less energy on hardware-based platforms, such as ASIC or FPGA, are lightweight block ciphers. On the other hand, the design and analysis of stream ciphers using keyed internal update function is put forward against this belief and it has become one of the popular study subjects in the literature in the last few years. Plantlet, proposed in 2017, and its predecessor Sprout, proposed in 2015, are famous algorithms as examples of stream ciphers using keyed internal update function. Sprout was broken after a short time by many researchers but Plantlet hasn't been succesfully broken yet. Traditionally, key stream generators of stream ciphers update their internal states only by using their current internal state. Since the use of the key in the internal update is a new approach, the security analysis of this approach is not fully understood. In this study, the security analysis of the key stream generators with keyed update function has been studied. A new attack algorithm for internal state recovery and key recovery has been developed and mounted on Plantlet algorithm as an instance of stream ciphers with keyed update function.