Paper 2017/346

Some cryptanalytic results on Lizard

Subhadeep Banik and Takanori Isobe

Abstract

Lizard is a lightweight stream cipher proposed by Hamann, Krause and Meier in IACR ToSC 2017. It has a Grain-like structure with two state registers of size 90 and 31 bits. The cipher uses a 120-bit secret key and a 64-bit IV. The authors claim that Lizard provides 80-bit security against key recovery attacks and 60-bit security against distinguishing attacks. In this paper, we present an assortment of results and observations on Lizard. First, we show that by doing $2^{58}$ random trials it is possible to obtain a set of $2^{64}$ triplets $(K, IV_0, IV_1)$ such that the Key-IV pairs $(K, IV_0)$ and $(K, IV_1)$ produce identical keystream bits. Second, we show that by performing only around $2^{28}$ random trials it is possible to obtain $2^{64}$ Key-IV pairs $(K_0, IV_0)$ and $(K_1, IV_1)$ that produce identical keystream bits. Thereafter, we show that one can construct a distinguisher for Lizard based on IVs that produce shifted keystream sequences. The process takes around random IV encryptions and around bits of memory. Finally, we propose a key recovery attack on a version of Lizard with the number of initialization rounds reduced to 223 (out of 256) based on IV collisions.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Grain v1, Lizard, Stream Cipher.
Contact author(s)
bsubhadeep @ ntu edu sg
History
2017-04-21: received
Short URL
https://ia.cr/2017/346
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/346,
      author = {Subhadeep Banik and Takanori Isobe},
      title = {Some cryptanalytic results on Lizard},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/346},
      year = {2017},
      url = {https://eprint.iacr.org/2017/346}
}