{"title":"Conditional differential attacks on Grain-128a stream cipher","authors":"Zhen Ma, Tian Tian, Wen-feng Qi","doi":"10.1049/iet-ifs.2016.0060","DOIUrl":null,"url":null,"abstract":"The well-known stream cipher Grain-128a is the new version of Grain-128. While Grain-128 is vulnerable against several introduced attacks, Grain-128a is claimed to be secure against all known attacks and observations on Grain-128. So far the only published single-key attack on Grain-128a is the conditional differential cryptanalysis proposed by Michael Lehmann et al. at CANS 2012. In their analysis, a distinguishing attack on 189-round Grain-128a in a weak-key setting was proposed. In this study, the authors present two new conditional differential attacks on Grain-128a, i.e. attack A and attack B. In attack A, the authors successfully retrieve 18 secret key expressions for 169-round Grain-128a. To the best of our knowledge, attack A is the first attack to retrieve secret key expressions for reduced Grain-128a. In attack B, the authors extend the distinguishing attack against Grain-128a up to 195 rounds in a weak-key setting. Thus far, attack B is the best known attack for reduced Grain-128a as far as the number of rounds attacked is concerned. Hopefully, the authors’ reflections on the design of Grain-128a provide insights on such compact stream ciphers.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"1 1","pages":"139-145"},"PeriodicalIF":0.0000,"publicationDate":"2017-04-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1049/iet-ifs.2016.0060","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 12
Abstract
The well-known stream cipher Grain-128a is the new version of Grain-128. While Grain-128 is vulnerable against several introduced attacks, Grain-128a is claimed to be secure against all known attacks and observations on Grain-128. So far the only published single-key attack on Grain-128a is the conditional differential cryptanalysis proposed by Michael Lehmann et al. at CANS 2012. In their analysis, a distinguishing attack on 189-round Grain-128a in a weak-key setting was proposed. In this study, the authors present two new conditional differential attacks on Grain-128a, i.e. attack A and attack B. In attack A, the authors successfully retrieve 18 secret key expressions for 169-round Grain-128a. To the best of our knowledge, attack A is the first attack to retrieve secret key expressions for reduced Grain-128a. In attack B, the authors extend the distinguishing attack against Grain-128a up to 195 rounds in a weak-key setting. Thus far, attack B is the best known attack for reduced Grain-128a as far as the number of rounds attacked is concerned. Hopefully, the authors’ reflections on the design of Grain-128a provide insights on such compact stream ciphers.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
