[Resource Topic] 2009/109: Cryptanalysis of Stream Cipher Grain Family

Welcome to the resource topic for 2009/109

Cryptanalysis of Stream Cipher Grain Family

Authors: Haina Zhang, Xiaoyun Wang


Grain v1 is one of the 7 final candidates of ECRYPT eStream project, which involves in the 80-bit secret key. Grain-128 is a variant version with 128-bit secret key, and Grain v0 is the original version in the first evaluation phase. Firstly, we describe a distinguishing attack against the Grain family with weak Key-IVs. Utilizing the second Walsh spectra of the nonlinear functions, we show that there are 2^{64}/2^{64}/2^{96} weak Key-IVs among total 2^{144}/2^{144}/2^{224} Key-IVs, and to distinguish a weak Key-IV needs about 2^{12.6}/2^{44.2}/2^{86} keystream bits and 2^{15.8}/2^{47.5}/ 2^{104.2} operations for Grain v0, Grain v1 and Grain-128 respectively. Secondly, we apply algebraic attacks to the Grain family with a weak Key-IV, and can recover the secret key in about 2 seconds and 150 keystream bits for Grain v0 and Grain v1, and reveal the key of Grain-128 with about 100 keystream bits and 2^{93.8} operations. Furthermore, we discuss the period of the keystream with a weak Key-IV for any Grain-like structure which can lead in self-sliding attack.

ePrint: https://eprint.iacr.org/2009/109

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .