Paper 2017/087

Cryptanalysis of full round Fruit

Sabyasachi Dey and Santanu Sarkar


In FSE 2015, Armknetcht et al. proposed a new technique to design stream cipher. This technique involves repeated use of keybits in each round of keystream bit generation. This idea showed the possibility to design stream ciphers where internal state size is significantly lower than twice the key size. They proposed a new cipher based on this idea, named Sprout. But soon Sprout was proved to be insecure. In Crypto 2015, Lallemand et al. proposed an attack on Sprout, which was $2^{10}$ times faster than the exhaustive search. But the new idea used in Sprout showed a new direction in the design of stream cipher, which led to the proposal of several new ciphers with small size of internal state. Fruit is another cipher in this direction proposed recently where both the key size and state size are 80. So far, there is no attack against this cipher. In this paper, we attack full round Fruit by a divide-and-conquer method. We use several types of sieving to reduce the possible candidates for an internal state. Our attack is equivalent to $2^{74.95}$ many Fruit encryption, which is around $16.95$ times faster than average exhaustive key search. This is the first proposed attack against Fruit.

Available format(s)
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Contact author(s)
sarkar santanu bir @ gmail com
2017-02-10: received
Short URL
Creative Commons Attribution


      author = {Sabyasachi Dey and Santanu Sarkar},
      title = {Cryptanalysis of  full round Fruit},
      howpublished = {Cryptology ePrint Archive, Paper 2017/087},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.