Paper 2019/702
Cryptanalysis of Plantlet
Subhadeep Banik, Khashayar Barooti, and Takanori Isobe
Abstract
Plantlet is a lightweight stream cipher designed by Mikhalev, Armknecht and Müller in \texttt{IACR ToSC} 2017. It has a Grainlike structure with two state registers of size $40$ and $61$ bits. In spite of this, the cipher does not seem to lose in security against generic TimeMemoryData Tradeoff attacks due to the novelty of its design. The cipher uses a 80bit secret key and a 90bit IV. In this paper, we first present a key recovery attack on Plantlet that requires around $2^{76.26}$ Plantlet encryptions. The attack leverages the fact that two internal states of Plantlet that differ in the 43rd LFSR location are guaranteed to produce keystream that are either equal or unequal in 45 locations with probability 1. Thus an attacker can with some probability guess that when 2 segments of keystream blocks possess the 45 bit difference just mentioned, they have been produced by two internal states that differ only in the 43rd LFSR location. Thereafter by solving a system of polynomial equations representing the keystream bits, the attacker can find the secret key if his guess was indeed correct, or reach some kind of contradiction if his guess was incorrect. In the latter event, he would repeat the procedure for other keystream blocks with the given difference. We show that the process when repeated a finite number of times, does indeed yield the value of the secret key. In the second part of the paper, we observe that the previous attack was limited to internal state differences that occurred at time instances that were congruent to $0\bmod 80$. We further observe that by generalizing the attack to include internal state differences that are congruent to all equivalence classed modulo 80, we lower the total number of keystream bits required to perform the attack and in the process reduce the attack complexity to $2^{69.98}$ Plantlet encryptions.
Metadata
 Available format(s)
 Category
 Secretkey cryptography
 Publication info
 Preprint. MINOR revision.
 Keywords
 Grain v1PlantletStream Cipher
 Contact author(s)
 subhadeep banik @ epfl ch
 History
 20190721: revised
 20190613: received
 See all versions
 Short URL
 https://ia.cr/2019/702
 License

CC BY
BibTeX
@misc{cryptoeprint:2019/702, author = {Subhadeep Banik and Khashayar Barooti and Takanori Isobe}, title = {Cryptanalysis of Plantlet}, howpublished = {Cryptology {ePrint} Archive, Paper 2019/702}, year = {2019}, url = {https://eprint.iacr.org/2019/702} }