Abstract
Grain [11] is a lightweight stream cipher proposed by M. Hell, T. Johansson, and W. Meier to the eSTREAM call for stream cipher proposals of the European project ECRYPT [5]. Its 160-bit internal state is divided into an LFSR and an NFSR of 80 bits each. A filtering Boolean function derives each keystream bit from the internal state. By combining linear approximations of the feedback function of the NFSR and of the filtering function, one can derive linear approximation equations involving the keystream and the LFSR initial state. We present a key recovery attack against Grain that requires 2^43 computations and 2^38 keystream bits to determine the 80-bit key.
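The attack rests on linear approximations of two Boolean functions, the NFSR feedback function and the filter h, and on combining their biases. The Python below is an added example, not code from the paper or from the Grain authors: it computes every linear approximation of a Boolean function and its bias from the Walsh spectrum, checks balancedness and correlation immunity (the properties the Grain designers claim for h), and combines independent approximations with the piling-up lemma. The five-variable filter is written down as I recall it from the Grain specification and is an assumption to check against the spec; the 1/16 bias used for the feedback function in the combination step is a placeholder, not a value taken from the paper.

```python
"""Linear approximations of a Boolean function via its Walsh spectrum.

Added example, not from the paper. grain_h is the Grain filter as recalled
from the specification (assumption); the rest is standard linear-cryptanalysis
machinery (Walsh-Hadamard transform, piling-up lemma).
"""
from fractions import Fraction
from itertools import product
from math import ceil


def grain_h(x0, x1, x2, x3, x4):
    """Grain filter h, reproduced from memory (assumption: verify against the spec)."""
    return (x1 ^ x4 ^ (x0 & x3) ^ (x2 & x3) ^ (x3 & x4)
            ^ (x0 & x1 & x2) ^ (x0 & x2 & x3) ^ (x0 & x2 & x4)
            ^ (x1 & x2 & x4) ^ (x2 & x3 & x4))


def truth_table(f, n):
    """Truth table indexed by the integer with binary digits x0..x(n-1), x0 most significant."""
    return [f(*bits) for bits in product((0, 1), repeat=n)]


def walsh_spectrum(tt):
    """W(a) = sum_x (-1)^(f(x) xor a.x), via the fast Walsh-Hadamard transform."""
    spec = [1 - 2 * v for v in tt]          # map f(x) in {0,1} to (-1)^f(x)
    h = 1
    while h < len(spec):
        for i in range(0, len(spec), 2 * h):
            for j in range(i, i + h):
                u, v = spec[j], spec[j + h]
                spec[j], spec[j + h] = u + v, u - v
        h *= 2
    return spec


def linear_approximations(f, n):
    """All masks a with W(a) != 0, as (mask bits a0..a(n-1), bias), best first.

    bias = W(a) / 2^(n+1), so Pr[f(x) = a.x] = 1/2 + bias; a negative bias means
    the complemented approximation f(x) = a.x + 1 is the one that holds more often.
    """
    spec = walsh_spectrum(truth_table(f, n))
    out = []
    for a, w in enumerate(spec):
        if w:
            mask = tuple((a >> (n - 1 - i)) & 1 for i in range(n))
            out.append((mask, Fraction(w, 2 ** (n + 1))))
    return sorted(out, key=lambda t: -abs(t[1]))


def is_balanced(f, n):
    """A balanced function takes the value 1 on exactly half of its inputs."""
    return sum(truth_table(f, n)) == 2 ** (n - 1)


def correlation_immunity_order(f, n):
    """Largest m with W(a) = 0 for every mask a of weight 1..m (Siegenthaler's criterion)."""
    spec = walsh_spectrum(truth_table(f, n))
    for m in range(1, n + 1):
        if any(spec[a] for a in range(1, 2 ** n) if bin(a).count("1") == m):
            return m - 1
    return n


def pile_up(biases):
    """Piling-up lemma: XOR of k independent approximations with biases e_i has bias 2^(k-1) * prod e_i."""
    total = Fraction(2) ** (len(biases) - 1)
    for e in biases:
        total *= Fraction(e)
    return total


def samples_for_bias(bias):
    """Rule of thumb: a distinguisher needs about 1/bias^2 samples; key recovery needs more work."""
    return ceil(1 / (Fraction(bias) ** 2))


if __name__ == "__main__":
    approx = linear_approximations(grain_h, 5)
    print("balanced:", is_balanced(grain_h, 5), "correlation immunity order:", correlation_immunity_order(grain_h, 5))
    for mask, bias in approx:
        terms = " + ".join(f"x{i}" for i, b in enumerate(mask) if b)
        print(f"h = {terms}  holds with probability 1/2 + ({bias})")
    # Placeholder feedback-function bias of 1/16 (assumption, not the paper's value).
    combined = pile_up([approx[0][1], Fraction(1, 16)])
    print("combined bias", combined, "~ samples for a distinguisher", samples_for_bias(combined))
```

Run stand-alone, the script lists 16 linear approximations of h, each holding with probability 5/8, and reports h as balanced and first-order correlation immune; that is exactly why a single approximation of the filter is too weak on its own and the attack has to chain it with approximations of the NFSR feedback, whose biases multiply under the piling-up lemma.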
The work described in this paper has been supported in part by Grant VR 621-2001-2149, in part by the French Ministry of Research RNRT X-CRYPT project and in part by the European Commission through the IST Program under Contract IST-2002-507932 ECRYPT.
References
Briceno, M., Goldberg, I., Wagner, D.: A pedagogical implementation of A5/1 (1999). Available at http://jya.com/a51-pi.htm (accessed August 18, 2003)
Canteaut, A., Trabbia, M.: Improved fast correlation attacks using parity-check equations of weight 4 and 5. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 573–588. Springer, Heidelberg (2000)
Chepyzhov, V., Smeets, B.: On a fast correlation attack on certain stream ciphers. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 176–185. Springer, Heidelberg (1991)
Dodd, M.W.: Applications of the Discrete Fourier Transform in Information Theory and Cryptology. PhD thesis, University of London (2003)
ECRYPT: eSTREAM: ECRYPT Stream Cipher Project, IST-2002-507932 (2005). Available at http://www.ecrypt.eu.org/stream/ (accessed September 29, 2005)
Ekdahl, P., Johansson, T.: Another attack on A5/1. In: Proceedings of International Symposium on Information Theory, p. 160. IEEE, Los Alamitos (2001)
Ekdahl, P., Johansson, T.: Another attack on A5/1. IEEE Transactions on Information Theory 49(1), 284–289 (2003)
Englund, H., Johansson, T.: A new simple technique to attack filter generators and related ciphers. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 39–53. Springer, Heidelberg (2004)
Gilbert, H., Audoux, P.: Improved fast correlation attacks on stream ciphers using FFT techniques. Personal communication (2000)
Golić, J.D.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997)
Hell, M., Johansson, T., Meier, W.: Grain - A Stream Cipher for Constrained Environments. ECRYPT Stream Cipher Project Report 2005/001 (2005), http://www.ecrypt.eu.org/stream
Hell, M., Johansson, T., Meier, W.: Grain - A Stream Cipher for Constrained Environments (2005), http://www.it.lth.se/grain
Johansson, T., Jönsson, F.: Fast correlation attacks based on turbo code techniques. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 181–197. Springer, Heidelberg (1999)
Johansson, T., Jönsson, F.: Improved fast correlation attacks on stream ciphers via convolutional codes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 347–362. Springer, Heidelberg (1999)
Jönsson, F.: Some Results on Fast Correlation Attacks. PhD thesis, Lund University, Department of Information Technology, P.O. Box 118, SE–221 00, Lund, Sweden (2002)
Joux, A., Chose, P., Mitton, M.: Fast Correlation Attacks: An Algorithmic Point of View. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 209–221. Springer, Heidelberg (2002)
Kaliski Jr, B.S., Robshaw, M.J.B.: Linear Cryptanalysis Using Multiple Approximations. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 26–39. Springer, Heidelberg (1994)
Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)
Maximov, A.: Cryptanalysis of the “Grain” family of stream ciphers. ACM Transactions on Information and System Security, TISSEC (2006)
Meier, W., Staffelbach, O.: Fast correlation attacks on stream ciphers. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 301–316. Springer, Heidelberg (1988)
Meier, W., Staffelbach, O.: Fast correlation attacks on certain stream ciphers. Journal of Cryptology 1(3), 159–176 (1989)
Meier, W., Staffelbach, O.: The self-shrinking generator. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 205–214. Springer, Heidelberg (1995)
Mihaljevic, M., Golić, J.D.: A fast iterative algorithm for a shift register initial state reconstruction given the noisy output sequence. In: Seberry, J., Pieprzyk, J.P. (eds.) AUSCRYPT 1990. LNCS, vol. 453, pp. 165–175. Springer, Heidelberg (1990)
NESSIE: New European Schemes for Signatures, Integrity, and Encryption (1999). Available at http://www.cryptonessie.org (accessed August 18, 2003)
Penzhorn, W.T., Kühn, G.J.: Computation of low-weight parity checks for correlation attacks on stream ciphers. In: Boyd, C. (ed.) Cryptography and Coding 1995. LNCS, vol. 1025, pp. 74–83. Springer, Heidelberg (1995)
Hassanzadeh, M., Khazaei, S., Kiaei, M.: Distinguishing Attack on Grain. ECRYPT Stream Cipher Project Report 2005/001 (2005), http://www.ecrypt.eu.org/stream
Siegenthaler, T.: Correlation-immunity of non-linear combining functions for cryptographic applications. IEEE Transactions on Information Theory 30, 776–780 (1984)
Siegenthaler, T.: Decrypting a class of stream ciphers using ciphertext only. IEEE Transactions on Computers 34, 81–85 (1985)
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Berbain, C., Gilbert, H., Maximov, A. (2006). Cryptanalysis of Grain. In: Robshaw, M. (eds) Fast Software Encryption. FSE 2006. Lecture Notes in Computer Science, vol 4047. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11799313_2
DOI: https://doi.org/10.1007/11799313_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36597-6
Online ISBN: 978-3-540-36598-3