Cryptology ePrint Archive: Report 2017/412

Improved Attack on Full-round Grain-128

Ximing Fu and Xiaoyun Wang and Jiazhe Chen and Marc Stevens and Xiaoyang Dong

Abstract: In this paper, we propose a series of techniques that can be used to determine the missing IV terms of a complex multivariable Boolean polynomial. Using these techniques, we revisit the dynamic cube attack on Grain-128. Based on choosing one more nullified state bit and one more dynamic bit, we are able to obtain the IV terms of degree $43$, combined with various of reduction techniques, fast discarding monomial techniques and IV representation technique for polynomials, so that the missing IV terms can be determined. As a result, we improve the time complexity of the best previous attack on Grain-128 by a factor of $2^{16}$. Moreover, our attack applies to all keys.

Category / Keywords: Stream ciphers, Grain-128, Polynomial reduction, IV representation, Dynamic cube attack

Date: received 11 May 2017, last revised 16 May 2018

Contact author: fxm15 at mails tsinghua edu cn

Available format(s): PDF | BibTeX Citation

Version: 20180516:092428 (All versions of this report)

Short URL: ia.cr/2017/412

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]