ACORN is a lightweight authenticated cipher and one of the designs selected among the fifteen third-round candidates. It is built on the model of a stream cipher with 6 LFSRs of different lengths and three additional bits. In this paper we consider the scenario in which a certain number of key stream bits and some portion of the state are known, and we then try to recover the remaining state bits. For example, we show that the LFSR of length 47 can be recovered from 47 key stream bits once the rest of the state bits are guessed. We also present the implications of such results for mounting a TMDTO attack on ACORN v3. We show that a TMDTO attack can be mounted with preprocessing complexity \(2^{171}\) and \(2^{180}\) (without and with the help of a SAT solver, respectively), where the maximum of the online time, memory and data complexities is \(2^{122}\) and \(2^{120}\), respectively. While our results do not refute any claim of the designers, these observations might be useful for a further understanding of the cipher.