Welcome to the resource topic for 2015/231
Title:
A Related-Key Chosen-IV Distinguishing Attack on Full Sprout Stream Cipher
Authors: Yonglin Hao
Abstract: Sprout is a new lightweight stream cipher proposed at FSE 2015. According to its designers, Sprout can resist time-memory-data trade-off (TMDTO) attacks with a small internal state size. However, we find a weakness in the updating functions of Sprout and propose related-key chosen-IV distinguishing attacks on full Sprout. Under the related-key setting, our attacks enable the adversary to detect non-randomness in full 320-round Sprout with a practical complexity of \tilde{O}(2^4) and to find collisions in 256 output bits of full Sprout with a complexity of \tilde{O}(2^7). Furthermore, when considering possible remedies, we find that modifying only the updating functions and the output function seems unlikely to equip Sprout with better resistance against this kind of distinguisher. Therefore, it is necessary for the designers to make structural modifications.
ePrint: https://eprint.iacr.org/2015/231
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics.