
An AEAD Variant of the Grain Stream Cipher

  • Conference paper
  • Codes, Cryptology and Information Security (C2SI 2019)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11445)

Abstract

A new Grain stream cipher, denoted Grain-128AEAD, is presented, with support for authenticated encryption with associated data. The cipher takes a 128-bit key and a 96-bit IV and produces a pseudorandom sequence that is used for encryption and authentication of messages. The design is based on Grain-128a but introduces a few changes in order to increase the security and protect against recent cryptanalysis results. The MAC is 64 bits, as specified by the NIST requirements in its lightweight security standardization process.

M. Hell, T. Johansson and J. Sönnerup—This work was in part financially supported by the Swedish Foundation for Strategic Research, grant RIT17-0032 and grant RIT17-0005.



Corresponding author

Correspondence to Thomas Johansson.


A Test Vectors

Here, we give some test vectors for different keys, IVs, and messages. The test vectors are given in hexadecimal, with the bits of each byte read most significant bit first, e.g., the key

$$\begin{aligned} \texttt {0x01234FFFFFFFFFFFFFFFFFFFFFFFFFFF} \end{aligned}$$

corresponds to

$$\begin{aligned} (k_0, \ldots, k_{127}) = (0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1, \ldots, 1). \end{aligned}$$

The message stream is given with the padding included. Since the test vectors are byte-oriented, the single padding bit 1 appears as the padding byte 0x80. Note that for an empty message, the message stream is just the padding, i.e., 0x80.

Figure a and figure b: test vector tables (images, not reproduced here).
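The two conventions stated above, bit order within a byte and the single-bit padding, are where independent implementations most often disagree with the published test vectors. The following helper, an added example and not code from the paper, applies exactly those conventions so that a key, IV or message given in hexadecimal can be turned into the bit sequence the cipher consumes, and a padded message stream can be rendered back to the byte form used in the tables. The names `hex_to_bits`, `message_stream` and `message_stream_hex` are this example's own; the example key is the one shown above, built from its digit pattern.

```python
# Added example, not code from the paper: a small helper that applies the
# test-vector conventions described above, i.e. hex strings are read byte by
# byte with the most-significant bit first (0x01 -> k_0..k_7 = 0,0,0,0,0,0,0,1)
# and the message stream is the message bits followed by one padding bit 1.
from typing import List

# The paper's example key: 0x01234 followed by 27 F digits (32 hex digits = 128 bits).
EXAMPLE_KEY_HEX = "0x01234" + "F" * 27


def hex_to_bits(hex_str: str) -> List[int]:
    """Convert a hex string (optionally 0x-prefixed) to a bit list, MSB-first within each byte."""
    digits = hex_str.strip().lower()
    if digits.startswith("0x"):
        digits = digits[2:]
    if len(digits) % 2:
        raise ValueError("hex string must describe whole bytes")
    bits: List[int] = []
    for byte in bytes.fromhex(digits):
        bits.extend((byte >> (7 - i)) & 1 for i in range(8))
    return bits


def bits_to_hex(bits: List[int]) -> str:
    """Inverse of hex_to_bits; the bit count must be a multiple of 8."""
    if len(bits) % 8:
        raise ValueError("bit count must be a multiple of 8")
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | (b & 1)
        out.append(byte)
    return out.hex()


def message_stream(msg: bytes) -> List[int]:
    """Message stream fed to the authentication: the L message bits, then the padding bit m_L = 1."""
    return hex_to_bits(msg.hex()) + [1]


def message_stream_hex(msg: bytes) -> str:
    """Byte view of the padded stream as printed in the test vectors.

    The stream itself is L+1 bits long; to print it in hex it is zero-filled to
    a byte boundary, which is why the padding bit 1 shows up as the byte 0x80.
    """
    bits = message_stream(msg)
    bits = bits + [0] * (-len(bits) % 8)
    return bits_to_hex(bits)


def lsb_first_bits(hex_str: str) -> List[int]:
    """The other common convention (LSB-first within a byte), kept here only to
    show how an implementation that mixes up the bit order would disagree."""
    digits = hex_str.strip().lower()
    if digits.startswith("0x"):
        digits = digits[2:]
    return [(byte >> i) & 1 for byte in bytes.fromhex(digits) for i in range(8)]


if __name__ == "__main__":
    key_bits = hex_to_bits(EXAMPLE_KEY_HEX)
    print("k_0..k_20 (MSB-first):", key_bits[:21])
    print("k_0..k_20 (LSB-first, wrong for these vectors):", lsb_first_bits(EXAMPLE_KEY_HEX)[:21])
    print("empty message stream:", message_stream_hex(b""))            # 80
    print("one-byte message 0xab stream:", message_stream_hex(b"\xab"))  # ab80
```

Running the script prints the first 21 key bits in the MSB-first order that matches the expansion given above, alongside the LSB-first reading that a mis-ordered implementation would produce; checking a candidate implementation's key loading against this expansion before comparing keystream is the quickest way to rule out a bit-order mismatch.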

Copyright information

© 2019 Springer Nature Switzerland AG


Cite this paper

Hell, M., Johansson, T., Meier, W., Sönnerup, J., Yoshida, H. (2019). An AEAD Variant of the Grain Stream Cipher. In: Carlet, C., Guilley, S., Nitaj, A., Souidi, E. (eds) Codes, Cryptology and Information Security. C2SI 2019. Lecture Notes in Computer Science(), vol 11445. Springer, Cham. https://doi.org/10.1007/978-3-030-16458-4_5


  • DOI: https://doi.org/10.1007/978-3-030-16458-4_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-16457-7

  • Online ISBN: 978-3-030-16458-4
