[Resource Topic] 2014/652: A Dynamic Cube Attack on $105$ round Grain v1

Welcome to the resource topic for 2014/652

Title:
A Dynamic Cube Attack on 105 round Grain v1

Authors: Subhadeep Banik

Abstract:

As far as the Differential Cryptanalysis of reduced round Grain v1 is concerned, the best results were those published by Knellwolf et al. in Asiacrypt 2011. In an extended version of the paper, it was shown that it was possible to retrieve (i) 5 expressions in the Secret Key bits for a variant of Grain v1 that employs 97 rounds (in place of 160) in its Key Scheduling process using $2^{27}$ chosen IVs and (ii) 1 expression in Secret Key bits for a variant that employs 104 rounds in its Key Scheduling using $2^{35}$ chosen IVs. However, the second attack on 104 rounds had a success probability of around 50%, which is to say that the attack worked for only around one half of the Secret Keys. In this paper we propose a dynamic cube attack on 105 round Grain v1, that has a success probability of 100%, and thus we report an improvement of 8 rounds over the previous best attack on Grain v1 that attacks the entire Keyspace. We take the help of the tool $\Delta\mathsf{Grain}_{\mathsf{KSA}}$, proposed by Banik at ACISP 2014, to track the differential trails induced in the internal state of Grain v1 by any difference in the IV bits, and we prove that a suitably introduced difference in the IV leads to a distinguisher for the output bit produced in the $105^{th}$ round. This, in turn, helps determine the values of 6 expressions in the Secret Key bits.

ePrint: https://eprint.iacr.org/2014/652


Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.