Banik, S.
, Maitra, S.
, Sarkar, S.
and Sonmez Turan, M.
(2013),
A Chosen IV Related Key Attack on Grain-128a, Proceedings of 18th Australasian Conference on Information Security and Privacy, Brisbane, AU, [online], https://doi.org/10.1007/978-3-642-39059-3_2, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913678
(Accessed April 19, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
A Chosen IV Related Key Attack on Grain-128a
Published
Author(s)
Subhadeep Banik, Subhamoy Maitra, ,
Abstract
Due to the symmetric padding used in the stream cipher Grain v1 and Grain-128, it is possible to find Key-IV pairs that generate shifted keystreams efficiently. Based on this observation, Lee et al. presented a related-Key chosen IV attack on Grain v1 and Grain-128 in ACISP 2008. Later, the designers introduced Grain-128a having an asymmetric padding. As a result, the existing idea of related-Key chosen IV attack does not work on this new design. In this paper, we present a key recovery attack on Grain-128a, in a related-Key chosen IV setting. We show that using around $\gamma \cdot 2^32}$ ($\gamma$ is a constant related to actual experimentation and it is sufficient to estimate it as $2^8$) related keys and $\gamma \cdot 2^64}$ chosen IVs, it is possible to obtain $32\cdot \gamma$ simple nonlinear equations and solve them to recover the secret key in Grain-128a.Proceedings Title
Proceedings of 18th Australasian Conference on Information Security and Privacy
Volume
7959
Conference Dates
July 1-3, 2013
Conference Location
Brisbane, AU
Conference Title
18th Australasian Conference on Information Security and Privacy
Pub Type
Conferences
Download Paper
Keywords
Cryptanalysis, eStream, Grain-128a, Related Keys, Stream Cipher
Citation
Created July 23, 2013, Updated October 12, 2021