Fast Correlation Attack Revisited -Cryptanalysis on Full Grain-128a, Grain-128, and Grain-v1

A fast correlation attack (FCA) is a well-known cryptanalysis technique for LFSR-based stream ciphers. The correlation between the initial state of an LFSR and corresponding key stream is exploited, and the goal is to recover the initial state of the LFSR. In this paper, we revisit the FCA from a new point of view based on a finite field, and it brings a new property for the FCA when there are multiple linear approximations. Moreover, we propose a novel algorithm based on the new property, which enables us to reduce both time and data complexities. We finally apply this technique to the Grain family, which is a well-analyzed class of stream ciphers. There are three stream ciphers, Grain-128a, Grain-128, and Grain-v1 in the Grain family, and Grain-v1 is in the eSTREAM portfolio and Grain-128a is standardized by ISO/IEC. As a result, we break them all, and especially for Grain-128a, the cryptanalysis on its full version is reported for the first time.

[1]  Alexander Maximov,et al.  Cryptanalysis of Grain , 2006, FSE.

[2]  Martin Hell,et al.  Grain-128a: a new version of Grain-128 with optional authentication , 2011, Int. J. Wirel. Mob. Comput..

[3]  Vladimir V. Chepyzhov,et al.  On A Fast Correlation Attack on Certain Stream Ciphers , 1991, EUROCRYPT.

[4]  Zhenqi Li,et al.  Near Collision Attack on the Grain v1 Stream Cipher , 2013, FSE.

[5]  Yosuke Todo,et al.  Improved Division Property Based Cube Attacks Exploiting Algebraic Properties of Superpoly , 2018, IEEE Transactions on Computers.

[6]  Frederik Armknecht,et al.  On Lightweight Stream Ciphers with Shorter Internal States , 2015, FSE.

[7]  Adi Shamir,et al.  An Experimentally Verified Attack on Full Grain-128 Using Dedicated Reconfigurable Hardware , 2011, IACR Cryptol. ePrint Arch..

[8]  Antoine Joux,et al.  Fast Correlation Attacks: An Algorithmic Point of View , 2002, EUROCRYPT.

[9]  Martin Hell,et al.  A Stream Cipher Proposal: Grain-128 , 2006, 2006 IEEE International Symposium on Information Theory.

[10]  Willi Meier,et al.  Quark: A Lightweight Hash , 2010, Journal of Cryptology.

[11]  Yosuke Todo,et al.  Cube Attacks on Non-Blackbox Polynomials Based on Division Property , 2018, IEEE Transactions on Computers.

[12]  Willi Meier,et al.  Conditional Differential Cryptanalysis of Grain-128a , 2012, CANS.

[13]  Thomas Johansson,et al.  Fast Correlation Attacks Based on Turbo Code Techniques , 1999, CRYPTO.

[14]  Adi Shamir,et al.  Breaking Grain-128 with Dynamic Cube Attacks , 2011, IACR Cryptol. ePrint Arch..

[15]  Lei Hu,et al.  Automatic Security Evaluation and (Related-key) Differential Characteristic Search: Application to SIMON, PRESENT, LBlock, DES(L) and Other Bit-Oriented Block Ciphers , 2014, ASIACRYPT.

[16]  Jiazhe Chen,et al.  Determining the Nonexistent Terms of Non-linear Multivariate Polynomials: How to Break Grain-128 More Efficiently , 2017, IACR Cryptol. ePrint Arch..

[17]  Anne Canteaut,et al.  Improved Fast Correlation Attacks Using Parity-Check Equations of Weight 4 and 5 , 2000, EUROCRYPT.

[18]  Dong Hoon Lee,et al.  Cryptanalysis of Sosemanuk and SNOW 2.0 Using Linear Masks , 2008, ASIACRYPT.

[19]  Jovan Dj. Golic,et al.  A Fast Iterative Algorithm For A Shift Register Initial State Reconstruction Given The Nosiy Output Sequence , 1990, AUSCRYPT.

[20]  Vladimir V. Chepyzhov,et al.  A Simple Algorithm for Fast Correlation Attacks on Stream Ciphers , 2000, FSE.

[21]  Bin Zhang,et al.  Fast Near Collision Attack on the Grain v1 Stream Cipher , 2018, IACR Cryptol. ePrint Arch..

[22]  David A. Wagner,et al.  A Generalized Birthday Problem , 2002, CRYPTO.

[23]  Frederik Armknecht,et al.  On Ciphers that Continuously Access the Non-Volatile Key , 2017, IACR Trans. Symmetric Cryptol..

[24]  Chung-Huang Yang,et al.  An Improved Linear Syndrome Algorithm in Cryptanalysis With Applications , 1990, CRYPTO.

[25]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[26]  Willi Meier,et al.  Fast correlation attacks on certain stream ciphers , 1989, Journal of Cryptology.

[27]  Hideki Imai,et al.  Fast Correlation Attack Algorithm with List Decoding and an Application , 2001, FSE.

[28]  Thomas Siegenthaler,et al.  Correlation-immunity of nonlinear combining functions for cryptographic applications , 1984, IEEE Trans. Inf. Theory.

[29]  Bin Zhang,et al.  Multi-pass Fast Correlation Attack on Stream Ciphers , 2006, Selected Areas in Cryptography.

[30]  Thomas Johansson,et al.  Improved Fast Correlation Attacks on Stream Ciphers via Convolutional Codes , 1999, EUROCRYPT.

[31]  Martin Hell,et al.  Grain: a stream cipher for constrained environments , 2007, Int. J. Wirel. Mob. Comput..

[32]  Dawu Gu,et al.  Differential and Linear Cryptanalysis Using Mixed-Integer Linear Programming , 2011, Inscrypt.