In this work, we revisit this rule. We argue that a simple shift in the established design paradigm, namely to involve the fixed secret key not only in the initialization process but in the keystream generation phase as well, enables stream ciphers with smaller area size for two reasons. First, it improves the resistance against the mentioned TMDTO attacks which allows to choose smaller state sizes. Second, one can make use of the fact that storing a fixed value (here: the key) requires less area size than realizing a register of the same length. We demonstrate the feasibility of this approach by describing and implementing a concrete stream cipher Sprout which uses significantly less area than comparable existing lightweight stream ciphers.
Category / Keywords: Stream Ciphers, Lightweight Cryptography, Time-Memory-Data-Tradeoff Attacks Original Publication (in the same form): IACR-FSE-2015 Date: received 18 Feb 2015, last revised 27 Feb 2015 Contact author: mikhalev at uni-mannheim de Available format(s): PDF | BibTeX Citation Note: Accepted to FSE-2015 Version: 20150227:111114 (All versions of this report) Short URL: ia.cr/2015/131 Discussion forum: Show discussion | Start new discussion