Cryptology ePrint Archive: Report 2016/207

Fault analysis and weak key-IV attack on Sprout

Dibyendu Roy and Sourav Mukhopadhyay

Abstract: Armknecht and Mikhalev proposed a new stream cipher `Sprout' based on the design specification of the stream cipher, Grain-128a. Sprout has shorter state size than Grain family with a round key function. The output of the round key function is XOR'ed with the feedback bit of the NFSR of the cipher. In this paper, we propose a new fault attack on Sprout by injecting a single bit fault after the key initialization phase at any arbitrary position of the NFSR of the cipher. By injecting a single bit fault, we recover the bits of the secret key of the cipher by observing the normal and faulty keystream bits at certain clockings of the cipher. By implementing the attack, we verify our result for one particular case. We also show that the Sprout generates same states for several rounds in key initialization phase for two different key-IV pairs, which proves that the key initialization round is having very poor period.

Category / Keywords: Boolean function, Sprout, Fault attack, Weak key-IV.

Date: received 25 Feb 2016, last revised 20 Oct 2016

Contact author: dibyendu roy1988 at gmail com

Available format(s): PDF | BibTeX Citation

Note: There are some minor changes.

Version: 20161020:115025 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]