Cryptology ePrint Archive: Report 2017/087

Cryptanalysis of full round Fruit

Sabyasachi Dey and Santanu Sarkar

Abstract: In FSE 2015, Armknetcht et al. proposed a new technique to design stream cipher. This technique involves repeated use of keybits in each round of keystream bit generation. This idea showed the possibility to design stream ciphers where internal state size is significantly lower than twice the key size. They proposed a new cipher based on this idea, named Sprout. But soon Sprout was proved to be insecure. In Crypto 2015, Lallemand et al. proposed an attack on Sprout, which was $2^{10}$ times faster than the exhaustive search. But the new idea used in Sprout showed a new direction in the design of stream cipher, which led to the proposal of several new ciphers with small size of internal state.

Fruit is another cipher in this direction proposed recently where both the key size and state size are 80. So far, there is no attack against this cipher. In this paper, we attack full round Fruit by a divide-and-conquer method. We use several types of sieving to reduce the possible candidates for an internal state. Our attack is equivalent to $2^{74.95}$ many Fruit encryption, which is around $16.95$ times faster than average exhaustive key search. This is the first proposed attack against Fruit.

Category / Keywords: secret-key cryptography /