Designs, Codes and Cryptography

, Volume 87, Issue 2–3, pp 349–364 | Cite as

Some results on Fruit

  • Sabyasachi Dey
  • Tapabrata Roy
  • Santanu SarkarEmail author
Part of the following topical collections:
  1. Special Issue: Coding and Cryptography


In FSE 2015, Armknecht et al. proposed a new technique to design stream ciphers, which involves repeated use of keybits in each round of the keystream bit generation. This technique showed the possibility to design stream ciphers where the internal state size is significantly lower than twice the key size. They proposed a new cipher based on this idea, named Sprout. But soon Sprout was proved to be insecure. In Crypto 2015, Lallemand et al. proposed an attack which was \(2^{10}\) times faster than the exhaustive search. But the new idea used in Sprout showed a new direction in the design of stream cipher, which led to the proposal of several new ciphers with small size of internal state. Fruit is a recently proposed cipher where both the key size and the state size are 80. In this paper, we attack full round Fruit by a divide-and-conquer method. Our attack is equivalent to \(2^{74.95}\) many Fruit encryptions, which is around 16.95 times faster than the average exhaustive key search. Our idea also works for the second version of Fruit.


Cryptanalysis Fruit Lightweight Stream cipher 

Mathematics Subject Classification




  1. 1.
    Armknecht F., Mikhalev V.: On lightweight stream ciphers with shorter internal states. In: FSE, pp. 451–470. Springer, Berlin (2015).Google Scholar
  2. 2.
    Babbage S., Dodd M.: The MICKEY stream ciphers. In: Robshaw M., Billet O. (eds.) New Stream Cipher Designs: The eSTREAM Finalists, pp. 191–209. Springer, Berlin (2008).CrossRefGoogle Scholar
  3. 3.
    Banik S.: Some Results on Sprout. In: INDOCRYPT 2015, pp. 124–139. Springer, Cham (2015).Google Scholar
  4. 4.
    Barkan E., Biham E., Shamir A.: Rigorous bounds on cryptanalytic time/memory tradeoffs. In: CRYPTO 2006, pp. 1–21. Springer, Berlin (2006).Google Scholar
  5. 5.
    Biryukov A., Shamir A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: ASIACRYPT 2000, pp. 1–13. Springer, Berlin (2000).Google Scholar
  6. 6.
    Blöcher U., Dichtl M.: Fish: a fast software stream cipher. Fast Software Encryption. (1993).
  7. 7.
    Bogdanov A., Knudsen L.R., Leander G., Paar C., Poschmann A., Robshaw M., Seurin Y., Vikkelsoe C.: Present: an ultra-lightweight block cipher. In: CHES 2007, pp. 450–466. Springer, Berlin (2007).Google Scholar
  8. 8.
    Cannière C.D., Preneel B.: Trivium. In: Robshaw M., Billet O. (eds.) New Stream Cipher Designs: The eSTREAM Finalists, pp. 244–266. Springer, Berlin (2008).CrossRefGoogle Scholar
  9. 9.
    Cannière C.D., Dunkelman O., Knezevic M.: KATAN and KTANTAN—a family of small and efficient hardware-oriented block ciphers. In: CHES 2009, pp. 272–288. Springer, Berlin (2009).Google Scholar
  10. 10.
    Dey S., Sarkar S.: Cryptanalysis of full Round Fruit. Workshop on Coding and Cryptography. (2017).
  11. 11.
    Esgin M.F., Kara O.: Practical cryptanalysis of full sprout with TMD tradeoff attacks. SAC 2015, 67–85 (2015).zbMATHGoogle Scholar
  12. 12.
    Ghafari V.A., Hu H., Chen Y.: Fruit: ultra-lightweight stream cipher with shorter internal state. In: IACR. (2016).
  13. 13.
    Gong Z., Nikova S., Law Y.W.: KLEIN: a new family of lightweight block ciphers. In: RFIDSec 2011, pp. 1–18. Springer, Berlin (2011).Google Scholar
  14. 14.
    Guo J., Peyrin T., Poschmann A., Robshaw M.: The LED block cipher. In: CHES 2011, pp. 326–341. Springer, Berlin (2011).Google Scholar
  15. 15.
    Hamann M., Krause M., Meier W., Zhang B.: On stream ciphers with small state. (2017).
  16. 16.
    Hamann M., Krause M., Meier W., Zhang B.: Design and analysis of small-state grain-like stream ciphers. Cryptogr. Commun. 10(5), 803–834 (2018).MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Hamann M., Krause M., Meier Willi: LIZARD—a lightweight stream cipher for power-constrained devices. IACR Trans. Symmetric Cryptol. 2017(1), 45–79 (2017).Google Scholar
  18. 18.
    Hamann M., Krause M., Meier W., Zhang B.: Time-memory-data tradeoff attacks against small-state stream ciphers. IACR Cryptol. ePrint Arch. 2017, 384 (2017).Google Scholar
  19. 19.
    Hell M., Johansson T., Meier W.: Grain: a stream cipher for constrained environments. In: IJWMC 2007, pp. 86–93. (2007).
  20. 20.
    Lallemand V., Plasencia M.N.: Cryptanalysis of full sprout. In: CRYPTO 2015, pp. 663–682. Springer, Berlin (2015).Google Scholar
  21. 21.
    Maitra S., Sarkar S., Baksi A., Dey P.: Key recovery from state information of sprout: application to cryptanalysis and fault attack. In: IACR. (2015).
  22. 22.
    Maitra S., Sinha N., Siddhanti A., Anand R., Gangopadhyay S.: A TMDTO attack against lizard. In: IACR. (2017) (Accepted in IEEE Trans. Comput.).
  23. 23.
    Mikhalev V., Armknecht F., Müller C.: On ciphers that continuously access the non-volatile key. Accepted in FSE (2017).Google Scholar
  24. 24.
    Plasencia M.N.: How to improve rebound attacks. In: CRYPTO 2011, pp. 188–205. Springer, Berlin (2011).Google Scholar
  25. 25.
    Shirai T., Shibutani K., Akishita T., Moriai S., Iwata T.: The 128-bit block- cipher CLEFIA (Extended Abstract). In: FSE 2007, pp. 181–195. Springer, Berlin (2007).Google Scholar
  26. 26.
    Suzaki T., Minematsu K., Morioka S., Kobayashi E.: TWINE: a lightweight block cipher for multiple platforms. In: SAC 2012, pp. 339–354. Springer, Berlin (2012).Google Scholar
  27. 27.
    Wu W., Zhang L.: LBlock: a lightweight block cipher. In: Applied Cryptography and Network Security, ACNS 2011, pp. 327–344. Springer, Berlin (2011).Google Scholar
  28. 28.
    Zhang B., Gong X.: Another tradeoff attack on sprout-like stream ciphers. In: ASIACRYPT 2015, pp. 561–585. Springer, Berlin (2015).Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of MathematicsIndian Institute of Technology MadrasChennaiIndia

Personalised recommendations