Paper 2017/346

Some cryptanalytic results on Lizard

Subhadeep Banik and Takanori Isobe

Abstract

Lizard is a lightweight stream cipher proposed by Hamann, Krause and Meier in IACR ToSC 2017. It has a Grain-like structure with two state registers of size 90 and 31 bits. The cipher uses a 120 bit Secret Key and a 64 bit IV. The authors claim that Lizard provides 80 bit security against key recovery attacks and a 60-bit security against distinguishing attacks. In this paper, we present an assortment of results and observations on Lizard. First, we show that by doing $2^{58}$ random trials it is possible to a set of $2^{64}$ triplets $(K,IV_0,IV_1)$ such that the Key-IV pairs $(K,IV_0)$ and $(K,IV_1)$ produce identical keystream bits. Second, we show that by performing only around $2^{28}$ random trials it is possible to obtain $2^{64}$ Key-IV pairs $(K_0,IV_0)$ and $(K_1,IV_1)$ that produce identical keystream bits. Thereafter, we show that one can construct a distinguisher for Lizard based on IVs that produce shifted keystream sequences. The process takes around $2^{51.5}$ random IV encryptions and around $2^{76.6}$ bits of memory. Finally, we propose a key recovery attack on a version of Lizard with the number of initialization rounds reduced to 223 (out of 256) based on IV collisions.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Grain v1LizardStream Cipher.
Contact author(s)
bsubhadeep @ ntu edu sg
History
2017-04-21: received
Short URL
https://ia.cr/2017/346
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2017/346,
      author = {Subhadeep Banik and Takanori Isobe},
      title = {Some cryptanalytic results on Lizard},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/346},
      year = {2017},
      url = {https://eprint.iacr.org/2017/346}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.