A new chosen IV statistical distinguishing framework to attack symmetric ciphers, and its application to ACORN-v3 and Grain-128a

We propose a new attack framework based upon cube testers and the d-monomial test. The d-monomial test is a general framework for comparing the ANF of a symmetric cipher's output with the ANF of a random Boolean function. In the d-monomial test, the focus is on the frequency of particular monomials in the ANF of Boolean functions, whereas in the proposed framework the focus is on the truth table. We attack ACORN-v3 and Grain-128a and demonstrate the efficiency of our framework. We show how a distinguishing attack can be applied to up to 670 initialization rounds of ACORN-v3 and 171 initialization rounds of Grain-128a using our framework. The attack on ACORN-v3 is the best practical attack (and better results can be obtained by using more computing power, as in cube attacks). The proposed framework allows distinguishing attacks to be applied to black-box symmetric ciphers, and we suggest some guidelines for improving the attack by analyzing the internal structure of the cipher. The framework is applicable to all symmetric ciphers and hash functions. We discuss how it can reveal weaknesses that other statistical tests cannot find. The attacks were practically implemented and verified.
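As an added illustration, not taken from the paper, the following code implements the d-monomial test that the abstract contrasts its framework with: a Möbius transform recovers the ANF of one keystream bit from its truth table over the chosen IV bits, and the number of degree-d monomials present is compared with the C(n,d)/2 expected from a uniformly random Boolean function. The toy keystream function `toy_cipher_bit`, the 8-bit IV size and the z-score threshold are constructed assumptions, not anything from ACORN-v3 or Grain-128a.

```python
from math import comb, sqrt


def mobius_transform(truth_table):
    """Truth table (index = IV bits as integer, bit i = variable i) -> ANF.
    Returns a list where anf[m] is the coefficient of the monomial whose
    variables are the set bits of m (in-place Moebius transform)."""
    n = len(truth_table).bit_length() - 1
    anf = list(truth_table)
    for i in range(n):
        bit = 1 << i
        for x in range(len(anf)):
            if x & bit:
                anf[x] ^= anf[x ^ bit]
    return anf


def count_d_monomials(anf, d):
    """Number of monomials of exactly degree d with a non-zero ANF coefficient."""
    return sum(1 for m, c in enumerate(anf) if c and bin(m).count("1") == d)


def d_monomial_test(func, n, d, threshold=3.0):
    """Build the truth table of func over n IV variables and compare the
    observed number of degree-d monomials with the random-function model:
    C(n, d) coefficients, each present with probability 1/2, so the count is
    Binomial(C(n, d), 1/2). Returns (observed, expected, z, distinguished)."""
    truth_table = [func(iv) for iv in range(1 << n)]
    observed = count_d_monomials(mobius_transform(truth_table), d)
    total = comb(n, d)
    expected = total / 2
    sigma = sqrt(total) / 2
    z = (observed - expected) / sigma
    return observed, expected, z, abs(z) > threshold


def toy_cipher_bit(key):
    """Constructed stand-in for a reduced-round keystream bit: a function of
    8 IV bits whose algebraic degree never exceeds 2, mimicking the low
    degree of early initialization rounds. Not a real cipher."""
    k = [(key >> i) & 1 for i in range(8)]

    def f(iv):
        v = [(iv >> i) & 1 for i in range(8)]
        return ((v[0] & v[1]) ^ (k[0] & v[2]) ^ (v[3] & v[4]) ^ v[5]
                ^ k[1] ^ (k[2] & v[6] & v[7]))

    return f


if __name__ == "__main__":
    for d in (2, 4):
        print(d, d_monomial_test(toy_cipher_bit(0xFF), 8, d))
```

For the constructed function the degree-4 count is 0 against an expectation of 35, which is far outside the random model and so flags the output as distinguishable.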
