Recovering Internal States of Grain-v1

  • Deepak Kumar Dalai
  • Santu PalEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11879)


In this paper, we analyze the non-linear part of the output function h of Grain-v1 and use a guess and determine strategy to recover 33 state bits from 33 consecutive keystream bits of Grain-v1 by fixing 45 bits and guessing 82 bits. This reduces the conditional sampling resistance of Grain-v1, which is best till now. We apply the Time-Memory-Data Trade-Off (TMDTO) attack on Grain-v1 with this conditional sampling resistance to get a trade-off curve which improves the pre-processing time complexity and online time complexity with improved memory.


Cryptanalysis Grain-v1 Guess and determine attack Time-Memory-Data Trade-Off (TMDTO) Attack 


  1. 1.
    eSTREAM: Stream cipher project for ECRYPT (2005).
  2. 2.
    Babbage, S.: A space/time tradeoff in exhaustive search attacks on stream ciphers. In: European Convention on Security and Detection, no. 408. IEE Conference Publication (1995)Google Scholar
  3. 3.
    Biryukov, A., Shamir, A.: Cryptanalytic Time/memory/data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000). Scholar
  4. 4.
    Biryukov, A., Shamir, A., Wagner, D.: Real time cryptanalysis of A5/1 on a PC. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds.) FSE 2000. LNCS, vol. 1978, pp. 1–18. Springer, Heidelberg (2001). Scholar
  5. 5.
    Bjørstad, T.E.: Cryptanalysis of grain using time/memory/data tradeoffs (2008).
  6. 6.
    van den Broek, F., Poll, E.: A comparison of time-memory trade-off attacks on stream ciphers. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) AFRICACRYPT 2013. LNCS, vol. 7918, pp. 406–423. Springer, Heidelberg (2013). Scholar
  7. 7.
    Ding, L., Jin, C., Guan, J., Qi, C.: New treatment of the BSW sampling and its applications to stream ciphers. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2014. LNCS, vol. 8469, pp. 136–146. Springer, Cham (2014). Scholar
  8. 8.
    Ding, L., Jin, C., Guan, J., Zhang, S., Li, J., Wang, H., Zhao, W.: New state recovery attacks on the Grain-v1 stream cipher. China Commun. 13(11), 180–188 (2016)CrossRefGoogle Scholar
  9. 9.
    Dunkelman, O., Nathan, K.: Treatment of the initial value in time-memory-data tradeoff attacks on stream ciphers. Inf. Process. Lett. 107(5), 133–137 (2008)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Golić, J.D.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997). Scholar
  11. 11.
    Hell, M., Johansson, T., Meier, W.: Grain: a stream cipher for constrained environments. Int. J. Wirel. Mob. Comput. 2(1), 86–93 (2007)CrossRefGoogle Scholar
  12. 12.
    Hellman, M.: A cryptanalytic time-memory trade-off. IEEE Trans. Inf. Theory 26(4), 401–406 (1980)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Hong, J., Sarkar, P.: New applications of time memory data tradeoffs. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 353–372. Springer, Heidelberg (2005). Scholar
  14. 14.
    Jiao, L., Zhang, B., Wang, M.: Two generic methods of analyzing stream ciphers. In: Lopez, J., Mitchell, C.J. (eds.) ISC 2015. LNCS, vol. 9290, pp. 379–396. Springer, Cham (2015). Scholar
  15. 15.
    Mihaljević, M., Gangopadhyay, S., Paul, G., Imai, H.: Internal state recovery of Grain-v1 employing normality order of the filter function. IET Inf. Secur. 6(2), 55–64 (2012)CrossRefGoogle Scholar
  16. 16.
    Mihaljević, M., Sinha, N., Gangopadhyay, S., Maitra, S., Paul, G., Matsuura, K.: An improved cryptanalysis of lightweight stream cipher Grain-v1. In: Cryptacus: Workshop and MC Meeting (2017)Google Scholar
  17. 17.
    Oechslin, P.: Making a faster cryptanalytic time-memory trade-off. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 617–630. Springer, Heidelberg (2003). Scholar
  18. 18.
    Siddhanti, A.A., Maitra, S., Sinha, N.: Certain observations on ACORN v3 and Grain-v1-implications towards TMDTO attacks. J. Hardw. Syst. Secur. 3(1), 64–77 (2019)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.National Institute of Science Education and Research, HBNIBhubaneswarIndia

Personalised recommendations