Grain is one of the simplest candidates in the ECRYPT Stream Cipher Project; it uses a key and an IV of length 80 and 64, respectively. Using the linear sequential circuit approximation method, introduced by Golic in 1994, we derive a linear function of consecutive keystream bits which holds with a correlation coefficient of about $2^{-63.7}$. Then, using the concept of a so-called generating function, we turn it into a linear function with a correlation coefficient of $2^{-29}$, which shows that the output sequence of Grain can be distinguished from a purely random sequence using about $O(2^{61.4})$ bits of the output sequence, with the same time complexity. A preprocessing phase is needed to compute a trinomial multiple of a certain primitive polynomial of degree 80; it can be performed with time and memory complexities of $O(2^{40})$.
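The preprocessing step mentioned in the abstract can be illustrated at toy scale. The following is an added example, not code from the paper: a plain birthday (hash-table) search for a trinomial multiple $1 + x^i + x^j$ of a primitive polynomial over GF(2), which costs roughly $2^{n/2}$ time and memory for degree $n$. The degree-16 polynomial, the function names and the search strategy are assumptions chosen for illustration; the paper's degree-80 polynomial is not given on this page.

```python
# Toy birthday search for a trinomial multiple 1 + x^i + x^j of a
# polynomial f over GF(2). Polynomials are Python ints: bit k <-> x^k.

# Constructed example (assumption, not the paper's polynomial):
# x^16 + x^14 + x^13 + x^11 + 1, a standard primitive polynomial.
TOY_POLY = (1 << 16) | (1 << 14) | (1 << 13) | (1 << 11) | 1


def poly_mod(a, f):
    """Remainder of a divided by f, coefficients in GF(2)."""
    deg_f = f.bit_length() - 1
    while a.bit_length() - 1 >= deg_f:
        a ^= f << (a.bit_length() - 1 - deg_f)
    return a


def find_trinomial_multiple(f, max_degree=None):
    """Return (i, j) with 0 < i < j and f | 1 + x^i + x^j, else None.

    Walks k = 1, 2, ... keeping x^k mod f in a table. A hit occurs when
    x^k + 1 equals an earlier residue x^i, i.e. 1 + x^i + x^k = 0 mod f.
    For a random-looking residue sequence the first hit is expected
    after about 2^(n/2) steps, which is the birthday bound.
    """
    n = f.bit_length() - 1
    if max_degree is None:
        max_degree = (1 << n) - 2      # one full period of x for primitive f
    seen = {}                          # residue of x^i mod f -> i
    cur = 1                            # x^0
    for k in range(1, max_degree + 1):
        cur <<= 1                      # multiply by x
        if cur >> n:                   # degree reached n: reduce once
            cur ^= f
        i = seen.get(cur ^ 1)          # look for x^i == x^k + 1
        if i is not None:
            return i, k
        seen[cur] = k
    return None


if __name__ == "__main__":
    i, j = find_trinomial_multiple(TOY_POLY)
    print(f"1 + x^{i} + x^{j} is a multiple of the toy polynomial")
```

A low-weight multiple matters for the distinguisher because it yields a sparse linear relation on the LFSR sequence, so fewer noisy approximations have to be combined.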
[1] Jovan Dj. Golic. Linear Models for Keystream Generators. IEEE Trans. Computers, 1996.
[2] Martin Hell, et al. Grain: a stream cipher for constrained environments. Int. J. Wirel. Mob. Comput., 2007.
[3] Jovan Dj. Golic, et al. Intrinsic Statistical Weakness of Keystream Generators. ASIACRYPT, 1994.
[4] David A. Wagner, et al. A Generalized Birthday Problem. CRYPTO, 2002.
[5] Walter T. Penzhorn, et al. Computation of Low-Weight Parity Checks for Correlation Attacks on Stream Ciphers. IMACC, 1995.