On Analysis of Lightweight Stream Ciphers with Keyed Update

As the need for lightweight cryptography has grown even more due to the evolution of the Internet of Things, it has become a greater challenge for cryptographers to design ultra lightweight stream ciphers in compliance with the rule of thumb that the internal state size should be at least twice as the key size to defend against generic Time-Memory-Data Tradeoff (TMDT) attacks. However, Recently in 2015, Armknecht and Mikhalev sparked a new light on designing keystream generators (KSGs), which in turn yields stream ciphers, with small internal states, called KSG with Keyed Update Function (KSG with KUF), and gave a concrete construction named Sprout. But, currently, security analysis of KSGs with KUF in a general setting is almost non-existent. Our contribution in this paper is two-fold. 1) We give a general mathematical setting for KSGs with KUF, and for the first time, analyze a class of such KSGs, called KSGs with Boolean Keyed Feedback Function (KSG with Boolean KFF), generically. In particular, we develop two generic attack algorithms applicable to any KSG with Boolean KFF having almost arbitrary output and feedback functions where the only requirement is that the secret key incorporation is biased. We introduce an upper bound for the time complexity of the first algorithm. Our extensive experiments validate our algorithms and assumptions made thereof. 2) We study Sprout to show the effectiveness of our algorithms in a practical instance. A straightforward application of our generic algorithm yields one of the most successful attacks on Sprout.

[1]  Kyoji Shibutani,et al.  Piccolo: An Ultra-Lightweight Blockcipher , 2011, CHES.

[2]  Subhadeep Banik,et al.  Some Results on Sprout , 2015, INDOCRYPT.

[3]  Willi Meier,et al.  LIZARD - A Lightweight Stream Cipher for Power-constrained Devices , 2017, IACR Trans. Symmetric Cryptol..

[4]  Jovan Dj. Golic,et al.  Cryptanalysis of Alleged A5 Stream Cipher , 1997, EUROCRYPT.

[5]  Santanu Sarkar,et al.  Key Recovery from State Information of Sprout: Application to Cryptanalysis and Fault Attack , 2015, IACR Cryptol. ePrint Arch..

[6]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[7]  Frederik Armknecht,et al.  On Lightweight Stream Ciphers with Shorter Internal States , 2015, FSE.

[8]  Martin Hell,et al.  The Grain Family of Stream Ciphers , 2008, The eSTREAM Finalists.

[9]  María Naya-Plasencia,et al.  Cryptanalysis of Full Sprout , 2015, Annual International Cryptology Conference.

[10]  Christophe De Cannière,et al.  KATAN and KTANTAN - A Family of Small and Efficient Hardware-Oriented Block Ciphers , 2009, CHES.

[11]  Jason Smith,et al.  The SIMON and SPECK Families of Lightweight Block Ciphers , 2013, IACR Cryptol. ePrint Arch..

[12]  S. Babbage Improved “exhaustive search” attacks on stream ciphers , 1995 .

[13]  Frederik Armknecht,et al.  On Ciphers that Continuously Access the Non-Volatile Key , 2017, IACR Trans. Symmetric Cryptol..

[14]  Kyoji Shibutani,et al.  Midori: A Block Cipher for Low Energy , 2015, ASIACRYPT.

[15]  Bin Zhang,et al.  Another Tradeoff Attack on Sprout-Like Stream Ciphers , 2015, ASIACRYPT.

[16]  Orhun Kara,et al.  Practical Cryptanalysis of Full Sprout with TMD Tradeoff Attacks , 2015, SAC.

[17]  Thomas Peyrin,et al.  The LED Block Cipher , 2011, IACR Cryptol. ePrint Arch..

[18]  Martin E. Hellman,et al.  A cryptanalytic time-memory trade-off , 1980, IEEE Trans. Inf. Theory.

[19]  Bo Zhu,et al.  The Simeck Family of Lightweight Block Ciphers , 2015, CHES.