
Analysis of Grain's Initialization Algorithm [chapter]

Christophe De Cannière, Özgül Küçük, Bart Preneel
2008 Lecture Notes in Computer Science  
using two related keys and 2^55 chosen IV pairs.  ...  efficient attack on both Grain v1 and Grain-128).  ...  We will then study the differential properties of the initialization, and develop a differential attack on Grain v1 which recovers one out of 2^9 keys, and requires two related keys and 2^55 chosen IV  ... 
doi:10.1007/978-3-540-68164-9_19 fatcat:o3haz66xfndljbxgspupxrk2nu

Breaking the Estream Finalists and AES Modes of Operation Faster than Exhaustive Search [article]

Khoongming Khoo, Chik How Tan
2012 arXiv   pre-print
This paper explores the time-memory-data trade-off attack on stream and block ciphers.  ...  ATTACK ON GRAIN-V1 AND GRAIN-128 WITH PRE-PROCESSING AND ONLINE COMPLEXITY FASTER THAN EXHAUSTIVE SEARCH Grain-v1 is an Estream finalist with key size 80-bit, IV size 64-bit and state size 160-bit [18  ...  Attack on Grain-v1 Consider the HS-TMD attack on Grain-v1 with key size 80-bit and IV size 64-bit. To get online attack complexity T < 2^80, we need D ≤ √T < 2^40.  ... 
arXiv:1207.0269v3 fatcat:twhem2gcbbcmtdjedzqumptfeq

A New Distinguisher on Grain v1 for 106 Rounds [chapter]

Santanu Sarkar
2015 Lecture Notes in Computer Science  
In Asiacrypt 2010, Knellwolf, Meier and Naya-Plasencia proposed distinguishing attacks on Grain v1 when (i) Key Scheduling process is reduced to 97 rounds using 2^27 chosen IVs and (ii) Key Scheduling  ...  We present a new distinguisher on Grain v1 for 106 rounds with success probability 63%. As stated, the key-stream generation of Grain v1 consists of three phases.  ...  Grain 128 and Grain 128a are inspired from Grain v1, and use a similar structure. Küçük et al. [8] proposed related key-IV attack on Grain v1.  ... 
doi:10.1007/978-3-319-26961-0_20 fatcat:fc5qc3dtpnfp7ht2dzjyqv6jhu

A Detailed Analysis of Grain family of Stream Ciphers

Mohammad Ubaidullah Bokhar, Shadab Alam, Syed Hamid Hasan
2014 International Journal of Computer Network and Information Security  
Security features and different attacks on these ciphers have been studied in this paper to analyze the strengths and weaknesses of these designs.  ...  Hardware based ciphers are most suitable for resource constrained environments to provide information security and confidentiality. Grain is one such hardware based synchronous stream cipher.  ...  This related key attack requires 2^96 chosen IVs and 2^103.613 keystream bits to recover the 128 bit key with the computational complexity of 2^96.322. VII.  ... 
doi:10.5815/ijcnis.2014.06.05 fatcat:erhgynibfbc5zhxb2rgaemyt6a

LIZARD – A Lightweight Stream Cipher for Power-constrained Devices

Matthias Hamann, Matthias Krause, Willi Meier
2017 IACR Transactions on Symmetric Cryptology  
Lizard uses 120-bit keys, 64-bit IVs and has an inner state length of 121 bit. It is supposed to provide 80-bit security against key recovery attacks.  ...  2/3n-security against TMD tradeoff attacks aiming at key recovery.  ...  Acknowledgement We would like to thank Peter Fischer and Michael Ritzert, who provided us with the necessary technical means and additional valuable information for creating the hardware implementation  ... 
doi:10.46586/tosc.v2017.i1.45-79 fatcat:aap4zegsgvfbhe5ly76inmpkrm

LIZARD – A Lightweight Stream Cipher for Power-constrained Devices

Matthias Hamann, Matthias Krause, Willi Meier
2017 IACR Transactions on Symmetric Cryptology  
Lizard uses 120-bit keys, 64-bit IVs and has an inner state length of 121 bit. It is supposed to provide 80-bit security against key recovery attacks.  ...  2/3n-security against TMD tradeoff attacks aiming at key recovery.  ...  Moreover, we are grateful to anonymous reviewers and to  ... 
doi:10.13154/tosc.v2017.i1.45-79 dblp:journals/tosc/HamannKM17 fatcat:yy3mitkbqfftlbhxdbw7nupkzu

Fruit-80: A Secure Ultra-Lightweight Stream Cipher for Constrained Environments

2018 Entropy  
We introduced Fruit stream cipher informally in 2016 on the web page of IACR (eprint) and few cryptanalysis were published on it. Fortunately, the main structure of Fruit was resistant.  ...  To satisfy this rule and to design a concrete cipher, we used some new design ideas. It seems that the bottleneck of designing an ultra-lightweight stream cipher is TMDTO distinguishing attacks.  ...  Test Vector for Fruit-80 We use hexadecimal format for presenting the keystream, key, and IV as follows.  ... 
doi:10.3390/e20030180 pmid:33265271 fatcat:nj6lixcnf5gjtonf2p2cbdrnei

Fault analysis of GRAIN-128

Alexandre Berzati, Cecile Canovas, Guilhem Castagnos, Blandine Debraize, Louis Goubin, Aline Gouget, Pascal Paillier, Stephanie Salgado
2009 2009 IEEE International Workshop on Hardware-Oriented Security and Trust  
This paper introduces a fault attack on GRAIN-128 based on a realistic fault model and explores possible improvements of the attack. We also discuss countermeasures to counteract our fault attack.  ...  The best known mathematical attack against GRAIN-128 is the brute force key-search.  ...  DESCRIPTION OF GRAIN-128 GRAIN-128 [6] supports a 128 bits key and a 96 bits IV.  ... 
doi:10.1109/hst.2009.5225030 dblp:conf/host/CastagnosBCDGGPS09 fatcat:6wkr6yif4nderls5hsadvl3pfi

Differential Fault Attack against Grain Family with Very Few Faults and Minimal Assumptions

Santanu Sarkar, Subhadeep Banik, Subhamoy Maitra
2015 IEEE transactions on computers  
The series of published works, related to Differential Fault Attack (DFA) against the Grain family, require (i) quite a large number (hundreds) of faults (around n ln n, where n = 80 for Grain v1 and n  ...  = 128 for Grain-128, Grain-128a) and also (ii) several assumptions on location and timing of the fault injected.  ...  -For Grain v1 and Grain-128 we outline techniques that allows the adversary to relax requirements related to the timing of fault injections.  ... 
doi:10.1109/tc.2014.2339854 fatcat:fwag63zyz5ajbdjatw6acieoaq

Two Generic Methods of Analyzing Stream Ciphers [chapter]

Lin Jiao, Bin Zhang, Mingsheng Wang
2015 Lecture Notes in Computer Science  
We show the power of the new methods by analyzing two stream ciphers: Grain-v1 and ACORN. Grain-v1 is one of the finalists selected in the eSTREAM project.  ...  We present a time-memory-data tradeoff attack against Grain-v1 by importing the idea of conditional sampling resistance based on the k-linear-normality and a specific guessing path, with the parameters  ...  In [12], a slide property in the initialization phase was discovered, and later mounted with several related-key chosen IV attacks [22].  ... 
doi:10.1007/978-3-319-23318-5_21 fatcat:5bwwwikswvfprgime2bfai3g4m

A Differential Fault Attack on the Grain Family of Stream Ciphers [chapter]

Subhadeep Banik, Subhamoy Maitra, Santanu Sarkar
2012 Lecture Notes in Computer Science  
The Grain family uses an n-bit key K, and an m-bit initialization vector IV, with m < n. The key is loaded in the NFSR and the IV is loaded in the 0th to the (m − 1)th bits of the LFSR.  ...  The existing works, by Karmakar et al. (2011), are applicable only on Grain-128 exploiting certain properties of the combining Boolean function h.  ...  In Grain v1, the size of Key is n = 80 bits and the IV is of size m = 64 bits. The pad used in the KLA is P = 0xFFFF.  ... 
doi:10.1007/978-3-642-33027-8_8 fatcat:m67lsnvp4rhyloe46byjmd7tju

Differential Fault Attack on Grain v1, ACORN v3 and Lizard [chapter]

Akhilesh Siddhanti, Santanu Sarkar, Subhamoy Maitra, Anupam Chattopadhyay
2017 Lecture Notes in Computer Science  
In this paper we study DFA on three ciphers, namely Grain v1, Lizard and ACORN v3.  ...  In this paper, we mount a DFA on ACORN v3 that requires 9 faults to obtain the state. In case of Grain v1 and ACORN v3, we can obtain the secret key once the state is known.  ...  Till now, there has been no reported cryptanalysis on Lizard apart from a related key/IV attack shown in [5].  ... 
doi:10.1007/978-3-319-71501-8_14 fatcat:2eqv6ima2naiblx2dpr2s7kq74

Grain-128a: a new version of Grain-128 with optional authentication

Martin Ågren, Martin Hell, Thomas Johansson, Willi Meier
2011 International Journal of Wireless and Mobile Computing  
The new version, Grain-128a, is strengthened against all known attacks and observations on the original Grain-128, and has built-in support for optional authentication.  ...  The changes are modest, keeping the basic structure of Grain-128. This gives a high confidence in Grain-128a and allows for easy updating of existing implementations.  ...  Recognizing the emerging need for 128-bit keys, proposed Grain-128 supporting 128-bit keys and 96-bit IVs.  ... 
doi:10.1504/ijwmc.2011.044106 fatcat:bxcud66u3zdftpcllzcrrc67vi

Dynamic cube attack on Grain-v1

Majid Rahimi, Mohammad Reza Aref, Mostafa Barmshory, Mohammad Hadi Mansouri
2016 IET Information Security  
This article aims to present dynamic cube attack on Grain-v1. Dynamic cube attack finds the secret key by using distinguishers gained from structural weakness.  ...  Our attack is done in feasible time complexity, and it recovers all bits of the key while the number of initialization rounds in Grain-v1 is decreased to 100.  ...  This paper concentrates dynamic cube attack on Grain-v1 and elaborates on how to use it in key recovery attack.  ... 
doi:10.1049/iet-ifs.2014.0239 fatcat:g4w2r53to5b5xc2aohs2hzmts4

Catalog and Illustrative Examples of Lightweight Cryptographic Primitives [chapter]

Aleksandra Mileva, Vesna Dimitrova, Orhun Kara, Miodrag J. Mihaljević
2021 Security of Ubiquitous Computing Systems  
In particular, the reason behind why modern lightweight block cipher designs have in the last decade overwhelmingly dominated stream cipher design is analyzed in terms of security against tradeoff attacks  ...  cryptographic features, ultimate hardware performance, and existing security analysis, so they can easily compare the ciphers or choose some of them according to their needs.  ...  Trivium [127] Key-recovery attack [224]: 2^77 on 855 rounds Quavium [555] − WG-8 [207] Related key attacks [180] with one related key 2^52 chosen IVs/−/ 2^53.32 ZUC (v 1.6) − KP-Known Plaintext  ... 
doi:10.1007/978-3-030-10591-4_2 fatcat:d2gtrxu225asnmubp5ezfloz3m