An AEAD Variant of the Grain Stream Cipher

  • Martin Hell
  • Thomas Johansson (email author)
  • Willi Meier
  • Jonathan Sönnerup
  • Hirotaka Yoshida
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11445)

Abstract

A new Grain stream cipher, denoted Grain-128AEAD, is presented, with support for authenticated encryption with associated data. The cipher takes a 128-bit key and a 96-bit IV and produces a pseudo-random sequence that is used for encryption and authentication of messages. The design is based on Grain-128a but introduces a few changes in order to increase the security and protect against recent cryptanalysis results. The MAC is 64 bits, as specified by the NIST requirements in their lightweight security standardization process.

Keywords

Grain, stream cipher, AEAD, NIST

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Martin Hell (1)
  • Thomas Johansson (1), email author
  • Willi Meier (2)
  • Jonathan Sönnerup (1)
  • Hirotaka Yoshida (3)

  1. Department of Electrical and Information Technology, Lund University, Lund, Sweden
  2. FHNW, Windisch, Switzerland
  3. Cyber Physical Security Research Center (CPSEC), National Institute of Advanced Industrial Science and Technology (AIST), Tokyo, Japan