Abstract
Acorn is a third-round candidate of the CAESAR competition and a lightweight authenticated stream cipher. In this paper, we show how to recover the initial state of Acorn when one Key/IV pair is used to encrypt three messages. Our method has two main steps: (1) gathering different states and (2) retrieving linear equations. In the first step, we show how to derive the relation between states when two different plaintexts are encrypted under the same nonce. In the second step, we show how to retrieve a system of linear equations in the initial state and how to recover the initial state from that system. We apply this method to both Acorn v2 and Acorn v3. The time complexity of recovering the initial state of Acorn v2 is \(2^{78} c\), where c is the time complexity of solving the linear equations; this is lower than that of previous methods. For Acorn v3, we recover the initial state with time complexity \(2^{120.6}c\), lower than that of exhaustive search. We also apply the method to shrunk ciphers with structure and properties similar to Acorn v2 and Acorn v3 to confirm its validity. This paper is the first to analyze Acorn v3 under nonce reuse, and our method provides some insight into the diffusion ability of such stream ciphers.
Acknowledgment
The authors would like to thank the anonymous reviewers for their considerate and helpful comments. This work is supported by the National Natural Science Foundation of China (Grant No. 61379139) and the “Strategic Priority Research Program” of the Chinese Academy of Sciences (Grant No. XDA06010701).
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Zhang, X., Lin, D. (2018). Cryptanalysis of Acorn in Nonce-Reuse Setting. In: Chen, X., Lin, D., Yung, M. (eds.) Information Security and Cryptology. Inscrypt 2017. Lecture Notes in Computer Science, vol. 10726. Springer, Cham. https://doi.org/10.1007/978-3-319-75160-3_21
DOI: https://doi.org/10.1007/978-3-319-75160-3_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-75159-7
Online ISBN: 978-3-319-75160-3
eBook Packages: Computer Science (R0)