Cryptology ePrint Archive: Report 2016/926

LIZARD - A Lightweight Stream Cipher for Power-constrained Devices

Matthias Hamann and Matthias Krause and Willi Meier

Abstract: Time-memory-data (TMD) tradeoff attacks limit the security level of many classical stream ciphers (like $E_0$, A5/1, Trivium, Grain) to $\frac{1}{2}n$, where $n$ denotes the inner state length of the underlying keystream generator. In this paper, we present LIZARD, a lightweight stream cipher for power-constrained devices like passive RFID tags. Its hardware efficiency results from combining a Grain-like design with the $FP(1)$-mode, a recently suggested construction principle for the state initialization of stream ciphers, which offers provable $\frac{2}{3}n$-security against TMD tradeoff attacks aiming at key recovery. LIZARD uses 120-bit keys, 64-bit IVs and has an inner state length of 121 bit. It is supposed to provide 80-bit security against key recovery attacks. LIZARD allows to generate up to $2^{18}$ keystream bits per key/IV pair, which would be sufficient for many existing communication scenarios like Bluetooth, WLAN or HTTPS.

Category / Keywords: Stream Ciphers, Lightweight Cryptography, Time-Memory-Data Tradeoff Attacks, FP(1)-mode, Grain, RFID

Original Publication (in the same form): IACR-FSE-2017

Date: received 23 Sep 2016, last revised 24 Feb 2017

Contact author: hamann at uni-mannheim de

Available format(s): PDF | BibTeX Citation

Note: Camera-ready version for FSE 2017 (ToSC: Volume 2017, Issue 1)

Version: 20170224:190028 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]