[Resource Topic] 2017/346: Some cryptanalytic results on Lizard

Welcome to the resource topic for 2017/346

Title: Some cryptanalytic results on Lizard

Authors: Subhadeep Banik, Takanori Isobe

Abstract:

Lizard is a lightweight stream cipher proposed by Hamann, Krause and Meier in IACR ToSC 2017. It has a Grain-like structure with two state registers of size 90 and 31 bits. The cipher uses a 120-bit secret key and a 64-bit IV. The authors claim that Lizard provides 80-bit security against key recovery attacks and 60-bit security against distinguishing attacks. In this paper, we present an assortment of results and observations on Lizard. First, we show that by doing 2^{58} random trials it is possible to obtain a set of 2^{64} triplets (K,IV_0,IV_1) such that the Key-IV pairs (K,IV_0) and (K,IV_1) produce identical keystream bits. Second, we show that by performing only around 2^{28} random trials it is possible to obtain 2^{64} Key-IV pairs (K_0,IV_0) and (K_1,IV_1) that produce identical keystream bits. Thereafter, we show that one can construct a distinguisher for Lizard based on IVs that produce shifted keystream sequences. The process takes around 2^{51.5} random IV encryptions and around 2^{76.6} bits of memory. Finally, we propose a key recovery attack on a version of Lizard with the number of initialization rounds reduced to 223 (out of 256) based on IV collisions.

ePrint: https://eprint.iacr.org/2017/346


Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.