Paper 2011/282

An Experimentally Verified Attack on Full Grain-128 Using Dedicated Reconfigurable Hardware

Itai Dinur, Tim Güneysu, Christof Paar, Adi Shamir, and Ralf Zimmermann


In this paper we describe the first single-key attack which can break the full version of Grain-128 for arbitrary keys by an algorithm which is considerably faster than exhaustive search (by a factor of about $2^{38}$). It uses a new version of a cube tester, which uses an improved choice of dynamic variables to eliminate all the previously made assumptions on the key, to speed up the attack, and to simplify the final key recovery. Since it is extremely difficult to mathematically analyze the expected behavior of such attacks, we implemented it on RIVYERA, which is a new massively parallel reconfigurable hardware, and tested its main components for dozens of random keys. These tests experimentally verified the correctness and expected complexity of the attack. This is the first time a complex analytical attack is successfully realized against a full-size cipher with a special-purpose machine. Moreover, it is also the first attack that truly exploits the configurable nature of an FPGA-based cryptanalytical hardware.

Available format(s)
Secret-key cryptography
Publication info
Published elsewhere. Accepted to ASIACRYPT'11
Grain-128stream ciphercryptanalysiscube attackscube testersRIVYERAexperimental verification.
Contact author(s)
itaid @ weizmann ac il
2011-09-18: revised
2011-06-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Itai Dinur and Tim Güneysu and Christof Paar and Adi Shamir and Ralf Zimmermann},
      title = {An Experimentally Verified Attack on Full Grain-128 Using Dedicated Reconfigurable Hardware},
      howpublished = {Cryptology ePrint Archive, Paper 2011/282},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.