The Grain Family of Stream Ciphers

  • Martin Hell
  • Thomas Johansson
  • Alexander Maximov
  • Willi Meier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4986)


A new family of stream ciphers, Grain, is proposed. Two variants, a 80-bit and a 128-bit variant are specified, denoted Grain and Grain-128 respectively. The designs target hardware environments where gate count, power consumption and memory are very limited. Both variants are based on two shift registers and a nonlinear output function. The ciphers also have the additional feature that the speed can be easily increased at the expense of extra hardware.


Boolean Function Output Function Stream Cipher Bend Function Algebraic Degree 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ekdahl, P., Johansson, T.: A new version of the stream cipher SNOW. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 47–61. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Hawkes, P., Rose, G.: Primitive specification for SOBER-128. Cryptology ePrint Archive, Report 2003/081 (2003),
  3. 3.
    Maximov, A.: Cryptanalysis of the Grain family of stream ciphers. In: Lin, F., Lee, D., Lin, B., Shieh, S., Jajodia, S. (eds.) ACM Symposium on Information, Computer and Communications Security (ASIACCS 2006), pp. 283–288. ACM, New York (2006)CrossRefGoogle Scholar
  4. 4.
    Berbain, C., Gilbert, H., Maximov, A.: Cryptanalysis of Grain. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 15–29. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Khazaei, S., Hassanzadeh, M., Kiaei, M.: Distinguishing attack on Grain. eSTREAM, ECRYPT Stream Cipher Project, Report2005/071 (2005),
  6. 6.
    Golić, J.: Computation of low-weight parity-check polynomials. Electronic Letters 32(21), 1981–1982 (1996)CrossRefGoogle Scholar
  7. 7.
    Hell, M.: On the design and analysis of stream ciphers. PhD thesis, Lund University (2007)Google Scholar
  8. 8.
    Babbage, S.: A space/time tradeoff in exhaustive search attacks on stream ciphers. In: European Convention on Security and Detection. IEE Conference Publication, vol. 408 (1995)Google Scholar
  9. 9.
    Golić, J.: Cryptanalysis of alleged A5 stream cipher. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 239–255. Springer, Heidelberg (1997)Google Scholar
  10. 10.
    Biryukov, A., Shamir, A.: Cryptanalytic time/memory/data tradeoffs for stream ciphers. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 1–13. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  11. 11.
    Hong, J., Sarkar, P.: New applications of time memory data tradeoffs. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 353–372. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Hoch, J., Shamir, A.: Fault analysis of stream ciphers. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 240–253. Springer, Heidelberg (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Martin Hell
    • 1
  • Thomas Johansson
    • 1
  • Alexander Maximov
    • 2
  • Willi Meier
    • 3
  1. 1.Dept. of Electrical and Information TechnologyLund UniversityLundSweden
  2. 2.Ericsson ABLundSweden
  3. 3.FHNWWindischSwitzerland

Personalised recommendations