Cryptology ePrint Archive: Report 2018/145

Fast Near Collision Attack on the Grain v1 Stream Cipher

Bin Zhang and Chao Xu and Willi Meier

Abstract: Modern stream ciphers often adopt a large internal state to resist various attacks, where the cryptanalysts have to deal with a large number of variables when mounting state recovery attacks. In this paper, we propose a general new cryptanalytic method on stream ciphers, called fast near collision attack, to address this situation. It combines a near collision property with the divide-and-conquer strategy so that only subsets of the internal state, associated with different keystream vectors, are recovered first and merged carefully later to retrieve the full large internal state. A self-contained method is introduced and improved to derive the target subset of the internal state from the partial state difference efficiently. As an application, we propose a new key recovery attack on Grain v1, one of the $7$ finalists selected by the eSTREAM project, in the single-key setting. Both the pre-computation and the online phases are tailored according to its internal structure, to provide an attack for any fixed IV in $2^{75.7}$ cipher ticks after the pre-computation of $2^{8.1}$ cipher ticks, given $2^{28}$-bit memory and about $2^{19}$ keystream bits. Practical experiments on Grain v1 itself whenever possible and on a 80-bit reduced version confirmed our results.

Category / Keywords: Cryptanalysis, Stream ciphers, Grain, Near collision

Original Publication (in the same form): IACR-EUROCRYPT-2018

Date: received 7 Feb 2018

Contact author: zhangbin at tca iscas ac cn, willi meier@fhnw ch

Available format(s): PDF | BibTeX Citation

Version: 20180208:163111 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]