LIZARD - A Lightweight Stream Cipher for Power-constrained Devices

Matthias Hamann; Matthias Krause; Willi Meier

Paper 2016/926

LIZARD - A Lightweight Stream Cipher for Power-constrained Devices

Matthias Hamann, Matthias Krause, and Willi Meier

Abstract

Time-memory-data (TMD) tradeoff attacks limit the security level of many classical stream ciphers (like $E_{0}$ , A5/1, Trivium, Grain) to $\frac{1}{2} n$ , where $n$ denotes the inner state length of the underlying keystream generator. In this paper, we present LIZARD, a lightweight stream cipher for power-constrained devices like passive RFID tags. Its hardware efficiency results from combining a Grain-like design with the $F P (1)$ -mode, a recently suggested construction principle for the state initialization of stream ciphers, which offers provable $\frac{2}{3} n$ -security against TMD tradeoff attacks aiming at key recovery. LIZARD uses 120-bit keys, 64-bit IVs and has an inner state length of 121 bit. It is supposed to provide 80-bit security against key recovery attacks. LIZARD allows to generate up to $2^{18}$ keystream bits per key/IV pair, which would be sufficient for many existing communication scenarios like Bluetooth, WLAN or HTTPS.

Note: Camera-ready version for FSE 2017 (ToSC: Volume 2017, Issue 1)

Metadata

Available format(s): PDF
Publication info: Published by the IACR in FSE 2017
Keywords: Stream Ciphers Lightweight Cryptography Time-Memory-Data Tradeoff Attacks FP(1)-mode Grain RFID
Contact author(s): hamann @ uni-mannheim de
History: 2017-02-24: revised; 2016-09-24: received; See all versions
Short URL: https://ia.cr/2016/926
License: CC BY

BibTeX

@misc{cryptoeprint:2016/926,
      author = {Matthias Hamann and Matthias Krause and Willi Meier},
      title = {{LIZARD} - A Lightweight Stream Cipher for Power-constrained Devices},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/926},
      year = {2016},
      url = {https://eprint.iacr.org/2016/926}
}