An AEAD Variant of the Grain Stream Cipher

  • Martin Hell
  • Thomas Johansson
  • Willi Meier
  • Jonathan Sönnerup
  • Hirotaka Yoshida
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11445)


A new Grain stream cipher, denoted Grain-128AEAD, is presented, with support for authenticated encryption with associated data. The cipher takes a 128-bit key and a 96-bit IV and produces a pseudo-random sequence that is used for both encryption and authentication of messages. The design is based on Grain-128a but introduces a few changes in order to increase the security margin and protect against recent cryptanalysis results. The MAC is 64 bits, as required by NIST in its lightweight cryptography standardization process.
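The abstract says one pseudo-random sequence serves both encryption and authentication. The following Python is an added illustration of how that split works in the Grain family (the accumulator/shift-register MAC that Grain-128AEAD inherits from Grain-128a), not code from the paper or from the Grain designers. The pre-output generator is a stand-in (SHAKE-128 over key||IV) so that it runs offline; it is not the Grain-128AEAD keystream, and the associated-data framing (a 64-bit length prefix) is a simplification of the paper's encoding. What the code does model faithfully: the key/IV/tag sizes from the abstract, even pre-output bits used as encryption keystream and odd bits shifted into a 64-bit MAC register, an accumulator updated with the plaintext bits (so the tag covers plaintext, with associated data authenticated but never encrypted), and the practitioner's check that follows from that: plaintext must be recovered internally before the tag can be verified, so it must not be released until verification succeeds.

```python
"""Grain-style AEAD skeleton: one keystream split between encryption and a
64-bit accumulator MAC. The pre-output generator is a STAND-IN (SHAKE-128),
not Grain-128AEAD; only the way the sequence is consumed is modelled."""
import hashlib
import hmac

KEY_BYTES, IV_BYTES, TAG_BYTES = 16, 12, 8   # 128-bit key, 96-bit IV, 64-bit MAC


def preoutput(key: bytes, iv: bytes, nbits: int) -> list:
    """STAND-IN (assumption) for the Grain pre-output bits: SHAKE-128(key || iv)."""
    if len(key) != KEY_BYTES or len(iv) != IV_BYTES:
        raise ValueError("key must be 16 bytes and IV 12 bytes")
    stream = hashlib.shake_128(key + iv).digest((nbits + 7) // 8)
    return [(stream[i >> 3] >> (7 - (i & 7))) & 1 for i in range(nbits)]


def _to_bits(data: bytes) -> list:
    return [(b >> (7 - k)) & 1 for b in data for k in range(8)]


def _to_bytes(bits: list) -> bytes:
    return bytes(sum(bits[i + k] << (7 - k) for k in range(8))
                 for i in range(0, len(bits), 8))


def _core(key: bytes, iv: bytes, ad: bytes, data: bytes, decrypt: bool):
    # Simplified AD framing (assumption): 64-bit big-endian length, then the AD bits.
    ad_bits = _to_bits(len(ad).to_bytes(8, "big") + ad)
    data_bits = _to_bits(data)
    n_auth = len(ad_bits) + len(data_bits) + 1      # +1: final padding bit m_L = 1
    y = preoutput(key, iv, 128 + 2 * n_auth)
    reg, acc = y[:64], y[64:128]                    # MAC shift register / accumulator
    z = y[128::2]                                   # even pre-output bits: encryption keystream
    mac_bits = y[129::2]                            # odd pre-output bits: shifted into the register
    out = []
    for i in range(n_auth):
        if i < len(ad_bits):
            m = ad_bits[i]                          # AD is authenticated, never encrypted;
        elif i < n_auth - 1:                        # its keystream bits z[i] are simply discarded
            b = data_bits[i - len(ad_bits)]
            m = b ^ z[i] if decrypt else b          # the PLAINTEXT bit is what gets authenticated
            out.append(b ^ z[i])
        else:
            m = 1                                   # padding bit
        if m:
            acc = [a ^ r for a, r in zip(acc, reg)]  # a_{i+1} = a_i XOR m_i * r_i
        reg = reg[1:] + [mac_bits[i]]               # shift one fresh MAC bit into the register
    return _to_bytes(out), _to_bytes(acc)


def encrypt(key: bytes, iv: bytes, ad: bytes, pt: bytes):
    """Returns (ciphertext, 64-bit tag)."""
    return _core(key, iv, ad, pt, decrypt=False)


def is_authentic(key: bytes, iv: bytes, ad: bytes, ct: bytes, tag: bytes) -> bool:
    _, expected = _core(key, iv, ad, ct, decrypt=True)
    return len(tag) == TAG_BYTES and hmac.compare_digest(expected, tag)


def decrypt(key: bytes, iv: bytes, ad: bytes, ct: bytes, tag: bytes) -> bytes:
    """Plaintext is computed internally (the tag covers it) but only released
    after the constant-time tag comparison succeeds."""
    pt, expected = _core(key, iv, ad, ct, decrypt=True)
    if len(tag) != TAG_BYTES or not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return pt


if __name__ == "__main__":
    key, iv = bytes(range(16)), bytes(range(12))    # constructed sample key/IV
    ct, tag = encrypt(key, iv, b"header", b"hello grain")
    assert decrypt(key, iv, b"header", ct, tag) == b"hello grain"
    assert not is_authentic(key, iv, b"Header", ct, tag)
```

Because the IV is only 96 bits and the MAC register is derived from the same keystream, an IV must never be reused under one key: repeating it reveals the XOR of the two plaintexts and reuses the one-time MAC pad. The stand-in generator here has no such weakness beyond what any keystream cipher has, but the rule applies to the real cipher exactly the same way.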


Keywords: Grain, Stream cipher, AEAD, NIST


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Martin Hell (1)
  • Thomas Johansson (1), corresponding author
  • Willi Meier (2)
  • Jonathan Sönnerup (1)
  • Hirotaka Yoshida (3)

  1. Department of Electrical and Information Technology, Lund University, Lund, Sweden
  2. FHNW, Windisch, Switzerland
  3. Cyber Physical Security Research Center (CPSEC), National Institute of Advanced Industrial Science and Technology (AIST), Tokyo, Japan
