Internal State Recovery Attack on Stream Ciphers: Breaking BIVIUM

Author(s):  
Shravani Shahapure ◽  
Virendra Sule ◽  
R. D. Daruwala
2021 ◽  
Author(s):  
Orhun Kara

Tradeoff attacks on symmetric ciphers can be considered a generalization of exhaustive search. Their main objective is to reduce time complexity by exploiting memory: very large tables are prepared at the cost of exhaustively searching the whole space during the precomputation phase. In some cases, such as internal state recovery attacks on stream ciphers, data (plaintext/ciphertext pairs) can also be used to speed up both the online and the offline phase further. However, how to take advantage of data in a tradeoff attack against block ciphers in the single-key recovery case is still unknown. We briefly assess the state of the art of tradeoff attacks on symmetric ciphers, introduce some open problems and discuss the security criterion on state sizes. We discuss the strict lower bound on the internal state size of keystream generators and propose a more practical and fair bound, along with our reasoning. The adoption of our new criterion can break fresh ground in boosting the security analysis of small keystream generators and in designing ultra-lightweight stream ciphers with short internal states for use in especially low-resource devices such as IoT devices, wireless sensors or RFID tags.


Author(s):  
Patrick Derbez ◽  
Pierre-Alain Fouque ◽  
Victor Mollimard

Fast near collision attacks on the stream ciphers Grain v1 and A5/1 were presented at Eurocrypt 2018 and Asiacrypt 2019, respectively. They use the fact that the entire internal state can be split into two parts, so that the second part can be recovered from the first one, which in turn can be found using the keystream prefix and some guesses of the key material. In this paper we re-evaluate the complexity of these attacks and show that they are actually inferior to previously known results. Basically, we show that their complexity is actually much higher, and we point out the main problems of these papers based on information-theoretic ideas. We also check that some distributions do not have the entropy loss predicted by the authors. Checking cryptographic attacks with galactic complexity is difficult in general. In particular, as these attacks involve many steps, it is hard to identify precisely where the attacks are flawed. But for the attack against A5/1, this could have been avoided if the author had provided a full experiment of the attack, since the overall claimed complexity was lower than 2^32 in both time and memory.


Author(s):  
Bin Zhang ◽  
Xinxin Gong ◽  
Willi Meier

In this paper, we study the security of Grain-like small-state stream ciphers against fast correlation attacks, which are commonly regarded as classical cryptanalytic methods against LFSR-based stream ciphers. We extend the cascaded structure adopted in such primitives in general and show how to restore the full internal state part by part if the non-linear combining function meets a certain characteristic. As a case study, we present a key recovery attack against Fruit, a tweaked version of Sprout that employs key-dependent state updating in the keystream generation phase. Our attack requires 2^62.8 Fruit encryptions and 2^22.3 keystream bits to determine the 80-bit secret key. Practical simulations on a small-scale version confirmed our results.
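The "part by part" state restoration this abstract refers to is the divide-and-conquer idea behind every correlation attack. The Python script below is an added example written for this page, not code from Zhang, Gong and Meier's paper: it mounts the basic Siegenthaler-style correlation attack (exhaustive per register rather than "fast") on a toy Geffe generator whose three LFSR lengths, taps and the 256-bit keystream length are assumptions chosen for the demonstration. Because the combiner output agrees with the second and with the third register in three of every four clocks, each of those registers is recovered on its own by searching only its own 2^n states, and the selector register is then pinned down by the remaining combiner constraint. A fast correlation attack replaces the exhaustive loop with decoding from parity-check equations, but the statistical handle is the same.

```python
"""Divide-and-conquer correlation attack on a toy Geffe generator (added example).

Three LFSRs feed the combiner z = x2 if x1 else x3.  Because z agrees with x2
(and with x3) in 3/4 of all clocks, each of those registers is recovered on its
own from a short keystream, and x1 is then fixed by the remaining constraint.
Register sizes and taps are assumptions made for this toy.
"""
import random

# (length, feedback-tap mask): primitive trinomials/pentanomials, output from bit 0.
R1 = (11, 0b00000000101)    # x^11 + x^2 + 1            (selector register)
R2 = (13, 0b0000000011011)  # x^13 + x^4 + x^3 + x + 1
R3 = (9,  0b000010001)      # x^9 + x^4 + 1


def lfsr_bits(state, n, taps, length):
    """Fibonacci LFSR: emit bit 0, shift right, feed the parity of the tapped bits in at the top."""
    out = []
    for _ in range(length):
        out.append(state & 1)
        fb = bin(state & taps).count("1") & 1
        state = (state >> 1) | (fb << (n - 1))
    return out


def geffe_keystream(s1, s2, s3, length):
    """Toy keystream: x1 selects between x2 and x3 at every clock."""
    x1 = lfsr_bits(s1, R1[0], R1[1], length)
    x2 = lfsr_bits(s2, R2[0], R2[1], length)
    x3 = lfsr_bits(s3, R3[0], R3[1], length)
    return [b if a else c for a, b, c in zip(x1, x2, x3)]


def agreement(a, b):
    """Fraction of positions where two bit sequences agree."""
    return sum(x == y for x, y in zip(a, b)) / len(a)


def recover_by_correlation(z, n, taps):
    """Exhaust the 2^n - 1 states of one register and keep the one whose output
    agrees with the keystream most often (about 0.75 for the right state, 0.5 otherwise)."""
    best_state, best_score = None, 0.0
    for s in range(1, 1 << n):
        score = agreement(lfsr_bits(s, n, taps, len(z)), z)
        if score > best_score:
            best_state, best_score = s, score
    return best_state, best_score


def recover_selector(z, s2, s3, n, taps):
    """With x2 and x3 known, x1 is pinned wherever x2 != x3 by z == (x2 if x1 else x3)."""
    x2 = lfsr_bits(s2, R2[0], R2[1], len(z))
    x3 = lfsr_bits(s3, R3[0], R3[1], len(z))
    for s in range(1, 1 << n):
        x1 = lfsr_bits(s, n, taps, len(z))
        if all(zi == (b if a else c) for zi, a, b, c in zip(z, x1, x2, x3)):
            return s
    return None


def attack(z):
    """Recover (s1, s2, s3) from keystream z, one register at a time."""
    s2, _ = recover_by_correlation(z, *R2)
    s3, _ = recover_by_correlation(z, *R3)
    s1 = recover_selector(z, s2, s3, *R1)
    return s1, s2, s3


if __name__ == "__main__":
    rng = random.Random(1)
    secret = (rng.randrange(1, 1 << 11), rng.randrange(1, 1 << 13), rng.randrange(1, 1 << 9))
    z = geffe_keystream(*secret, 256)   # 256 keystream bits, constructed for the demo
    print("true state :", secret)
    print("recovered  :", attack(z))
```

Run as a script, it prints the planted and the recovered register states. The cost is 2^13 + 2^9 + 2^11 LFSR runs instead of the 2^33 of a joint search over all three registers, which is exactly what restoring the state part by part buys; a generator that mixes its registers through a nonlinear or key-dependent update removes this clean split, which is why the abstract's attack on Fruit needs the extra structure it develops.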


Cryptography ◽  
2021 ◽  
Vol 5 (4) ◽  
pp. 26
Author(s):  
Julian Danner ◽  
Martin Kreuzer

A differential fault attack framework for the Enocoro family of stream ciphers is presented. We only require that the attacker can reset the internal state and inject a random byte fault, in a random register, during a known time period. For a single fault injection, we develop a differential clocking algorithm that computes a set of linear equations in the input and output differences of the non-linear parts of the cipher and relates them to the differential keystream. The usage of these equations is two-fold: firstly, one can determine those differentials that can be computed from the faulty keystream, and secondly, they help to pin down the actual location and timing of the fault injection. Combining these results, each fault injection gives us information on specific small parts of the internal state. By encoding the information we gain from several fault injections using weighted Horn clauses, we construct a guessing path that can be used to quickly retrieve the internal state using a suitable heuristic. Finally, we evaluate our framework on the ISO-standardized and CRYPTREC-candidate-recommended cipher Enocoro-128v2. Simulations show that, on average, the secret key can be retrieved within 20 min on a standard workstation using fewer than five fault injections.


2017 ◽  
Vol 11 (6) ◽  
pp. 363-368 ◽  
Author(s):  
Zhen Ma ◽  
Tian Tian ◽  
Wen-Feng Qi

Author(s):  
Subhadeep Banik ◽  
Andrea Caforio ◽  
Takanori Isobe ◽  
Fukang Liu ◽  
Willi Meier ◽  
...  

It has been common knowledge that for a stream cipher to be secure against generic TMD tradeoff attacks, the size of its internal state in bits needs to be at least twice the length of its secret key. At FSE 2015, however, Armknecht and Mikhalev proposed the stream cipher Sprout, with a Grain-like architecture, whose internal state was equal in size to its secret key and yet resistant against TMD attacks. Although Sprout had other weaknesses, it germinated a sequence of stream cipher designs with short internal states, such as Lizard and Plantlet. Both of these designs have had cryptanalytic results reported against them. In this paper, we propose the stream cipher Atom, which has an internal state of 159 bits and offers a security of 128 bits. Atom uses two key filters simultaneously to thwart certain cryptanalytic attacks that have recently been reported against keystream generators. In addition, we found that our design is one of the smallest stream ciphers that offers this security level, and we prove in this paper that Atom resists all the attacks that have been proposed against stream ciphers so far in the literature. On the face of it, Atom also builds on the basic structure of the Grain family of stream ciphers. However, we try to prove that by including the additional key filter in the architecture of Atom we can make it immune to all cryptanalytic advances proposed against stream ciphers in recent cryptographic literature.
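This abstract and Kara's above both turn on the same generic bound: with an n-bit state, a Babbage-Golic tradeoff recovers some internal state from a table of M states and D keystream windows whenever M·D is about 2^n, so M = D = 2^(n/2) undercuts a 2^k exhaustive key search unless n >= 2k. The Python script below is an added example written for this page, not code from the Atom paper or from Sprout; it runs that attack end to end on a toy generator whose 20-bit NFSR, taps, filter function and key loading (the key is copied straight into the state, so n = k as in Sprout) are assumptions. Because the toy's state update is invertible and key-independent, the recovered state is un-clocked back to time 0, which is the key; a key-dependent update like Sprout's is precisely what is meant to break that last step.

```python
"""Babbage-Golic time/memory/data tradeoff on a toy 20-bit keystream generator (added example).

The toy loads the key straight into an n = 20 bit nonlinear feedback shift
register (key size == state size, as in Sprout), filters the state into one
keystream bit per clock, and has an invertible, key-independent update.
Offline: tabulate M random states keyed by the L keystream bits they produce.
Online: slide an L-bit window over D keystream bits and look each window up.
A hit is the state at that clock; un-clocking it t times gives the key.
Sizes, taps and the filter function are assumptions made for this toy.
"""
import random

N_BITS = 20
MASK = (1 << N_BITS) - 1
L = 32            # keystream bits used as table index / lookup window


def bit(s, i):
    return (s >> i) & 1


def g(s):
    """Nonlinear part of the feedback; reads only bits 1..n-1, so clock() is invertible."""
    return bit(s, 3) ^ bit(s, 9) ^ (bit(s, 7) & bit(s, 11)) ^ (bit(s, 14) & bit(s, 16) & bit(s, 18))


def output(s):
    """Filter function: one keystream bit from the current state."""
    return bit(s, 0) ^ bit(s, 6) ^ bit(s, 13) ^ (bit(s, 10) & bit(s, 17))


def clock(s):
    """Shift right, feed s_0 XOR g(s) in at the top."""
    fb = bit(s, 0) ^ g(s)
    return (s >> 1) | (fb << (N_BITS - 1))


def unclock(s):
    """Invert clock(): bits 1..n-1 of the old state are bits 0..n-2 of the new one,
    and the dropped bit 0 is recovered from the feedback bit because g ignores bit 0."""
    older = (s << 1) & MASK
    return older | (bit(s, N_BITS - 1) ^ g(older))


def keystream(state, length):
    out = []
    for _ in range(length):
        out.append(output(state))
        state = clock(state)
    return out


def pack(bits):
    """Pack a bit list into an int so it can serve as a dictionary key."""
    v = 0
    for b in bits:
        v = (v << 1) | b
    return v


def precompute(m, seed=0):
    """Offline phase: M random states -> their first L keystream bits (M generator runs)."""
    rng = random.Random(seed)
    table = {}
    for _ in range(m):
        s = rng.randrange(1, 1 << N_BITS)
        table[pack(keystream(s, L))] = s
    return table


def tradeoff_attack(z, table):
    """Online phase: one dictionary lookup per keystream window (D = len(z) - L + 1).
    Returns the recovered key (state at clock 0) or None if no window hits the table."""
    for t in range(len(z) - L + 1):
        cand = table.get(pack(z[t:t + L]))
        if cand is None:
            continue
        if keystream(cand, len(z) - t) != z[t:]:   # reject L-bit prefix collisions
            continue
        for _ in range(t):                          # roll the state back to clock 0
            cand = unclock(cand)
        return cand
    return None


if __name__ == "__main__":
    table = precompute(1 << 13, seed=2021)       # M = 2^13 tabulated states
    key = 0xABCDE                                # constructed 20-bit demo key
    z = keystream(key, (1 << 13) + L)            # D = 2^13 lookup windows
    print(hex(key), "->", hex(tradeoff_attack(z, table)))
```

The textbook parameters for this toy would be M = D = 2^10, where the expected number of table hits is exactly one; the script uses M = D = 2^13 so that about 64 states on the keystream's trajectory land in the table and a single run succeeds almost surely. Either way the cost to read off is 2^13 generator runs offline plus 2^13 dictionary lookups online against a 2^20 key space, which is the arithmetic behind the "state at least twice the key" rule.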


2021 ◽  
pp. 384-390
Author(s):  
Saurabh Shrivastava ◽  
K. V. Lakshmy ◽  
Chungath Srinivasan

A stream cipher generates a long keystream that is XORed with the plaintext to produce the ciphertext. A stream cipher is said to be secure if the keystream it produces is consistently random. One of the ways in which stream ciphers can be analyzed is by testing the randomness of the keystream. The statistical tests mainly try to find whether the output keystream leaks any information about the secret key or the cipher's internal state, and also check the randomness of the keystream. We have applied these tests to different keystreams generated by the ZUC, Espresso and Grain v1 stream ciphers to check for any weaknesses. We have also proposed four new statistical tests to analyze the internal state when the Hamming weight of the key and IV used is very high or very low. Of these four tests, Grain v1 fails the last one, i.e. internal state correlation using a high-Hamming-weight IV.

