Cryptology ePrint Archive: Report 2019/670

On designing secure small-state stream ciphers against time-memory-data tradeoff attacks

Vahid Amin Ghafari and Honggang Hu and Fujiang Lin

Abstract: A new generation of stream ciphers, small-state stream ciphers (SSCs), was born in 2015 with the introduction of the Sprout cipher. The new generation is based on using key bits not only in the initialization but also continuously in the keystream generation phase. This new idea allowed the design of stream ciphers with significantly smaller area size and lower power consumption. A distinguishing time-memory-data tradeoff (TMDTO) attack was successfully applied against all SSCs in 2017 by Hamann et al. [1]. They suggested using not only key bits but also initial value (IV) bits continuously in the keystream generation phase to strengthen SSCs against TMDTO attacks. Then, Hamann and Krause [2] proposed a construction based on using only IV bits continuously in packet mode. They suggested an instantiation of an SSC and claimed that it is resistant to TMDTO attacks. We point out that storing IV bits imposes an overhead on cryptosystems that is not acceptable in many applications. More importantly, we show that the proposed SSC remains vulnerable to TMDTO attacks. To resolve this security threat, the current paper proposes constructions, based on storing key or IV bits, that are the first to provide full security against TMDTO attacks. It is possible to obtain parameters for secure SSCs based on these suggested constructions. Our constructions are a fruitful research direction in stream ciphers.

Category / Keywords: secret-key cryptography / Stream cipher, Ultra-lightweight, Small-state, Sprout, Fruit, Plantlet, Distinguishing attack, Time-memory-data tradeoff attack

Date: received 6 Jun 2019

Contact author: vahidaming at ustc edu cn


Version: 20190606:113935

Short URL: ia.cr/2019/670
