Abstract
Properties of the Grain-128AEAD key re-introduction, as part of the cipher initialization, are analyzed and discussed. We consider and analyze several possible alternatives for key re-introduction and identify weaknesses, or potential weaknesses, in them. Our results show that it seems favorable to separate the state initialization, the key re-introduction, and the A/R register initialization into three separate phases. Based on this, we propose a new cipher initialization and update the cipher version to Grain-128AEADv2. It can be noted that previously reported and published analysis of the cipher remains valid also for this new version.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Ågren, M., Hell, M., Johansson, T., Meier, W.: Grain-128a: a new version of Grain-128 with optional authentication. Int. J. Wireless Mobile Comput. 5(1), 48–59 (2011)
Amin Ghafari, V., Hu, H.: Fruit-80: a secure ultra-lightweight stream cipher for constrained environments. Entropy 20(3) (2018). https://www.mdpi.com/1099-4300/20/3/180
Armknecht, F., Mikhalev, V.: On lightweight stream ciphers with shorter internal states. In: Leander, G. (ed.) FSE 2015. LNCS, vol. 9054, pp. 451–470. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48116-5_22
Babbage, S., Dodd, M.: The stream cipher mickey 2.0. eSTREAM: the ECRYPT Stream Cipher Project (2006)
Chang, D., Turan, M.S.: Recovering the key from the internal state of grain-128aead. Cryptology ePrint Archive, Report 2021/439 (2021). https://eprint.iacr.org/2021/439
Cannière, C.: Trivium: a stream cipher construction inspired by block cipher design principles. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 171–186. Springer, Heidelberg (2006). https://doi.org/10.1007/11836810_13
Dinur, I., Güneysu, T., Paar, C., Shamir, A., Zimmermann, R.: An experimentally verified attack on full grain-128 using dedicated reconfigurable hardware. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 327–343. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_18
Dinur, I., Shamir, A.: Breaking grain-128 with dynamic cube attacks. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 167–187. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21702-9_10
Hamann, M., Krause, M.: On stream ciphers with provable beyond-the-birthday-bound security against time-memory-data tradeoff attacks. Cryptogr. Commun. 10(5), 959–1012 (2018). https://doi.org/10.1007/s12095-018-0294-5
Hamann, M., Krause, M., Meier, W.: Lizard - a lightweight stream cipher for power-constrained devices. IACR Trans. Symmetric Cryptology 2017(1), 45–79 (2017)
Hell, M., Johansson, T., Brynielsson, L.: An overview of distinguishing attacks on stream ciphers. Cryptogr. Commun. 1(1), 71–94 (2009)
Hell, M., Johansson, T., Maximov, A., Meier, W.: A stream cipher proposal: Grain-128. In: 2006 IEEE International Symposium on Information Theory, pp. 1614–1618. IEEE (2006)
Hell, M., Johansson, T., Meier, W.: Grain: a stream cipher for constrained environments. Int. J. Wireless Mobile Comput. 2(1), 86–93 (2007)
Ma, Z., Tian, T., Qi, W.F.: Conditional differential attacks on grain-128a stream cipher. IET Inf. Secur. 11(3), 139–145 (2017)
Maximov, A., Hell, M.: Software evaluation of grain-128aead for embedded platforms. Cryptology ePrint Archive, Report 2020/659 (2020). https://eprint.iacr.org/2020/659
Mikhalev, V., Armknecht, F., Müller, C.: On ciphers that continuously access the non-volatile key. IACR Trans. Symmetric Cryptology 2016(2), 52–79 (2017)
Rogaway, P.: Authenticated-encryption with associated-data. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, pp. 98–107. Association for Computing Machinery (2002)
Sönnerup, J., Hell, M., Sönnerup, M., Khattar, R.: Efficient hardware implementations of grain-128AEAD. In: Hao, F., Ruj, S., Sen Gupta, S. (eds.) INDOCRYPT 2019. LNCS, vol. 11898, pp. 495–513. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-35423-7_25
Acknowledgements
This research was funded in part by the Swedish Foundation for Strategic Research, grant RIT17-0032 and in part by the ELLIIT project.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Hell, M., Johansson, T., Maximov, A., Meier, W., Yoshida, H. (2021). Grain-128AEADv2: Strengthening the Initialization Against Key Reconstruction. In: Conti, M., Stevens, M., Krenn, S. (eds) Cryptology and Network Security. CANS 2021. Lecture Notes in Computer Science(), vol 13099. Springer, Cham. https://doi.org/10.1007/978-3-030-92548-2_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-92548-2_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-92547-5
Online ISBN: 978-3-030-92548-2
eBook Packages: Computer ScienceComputer Science (R0)