Paper 2022/749

Cryptanalysis of Draco

Subhadeep Banik, Universita della Svizzera Italiana
Abstract

Draco is a lightweight stream cipher designed by Hamann et al. in IACR ToSC 2022. It has a Grain-like structure with two state registers of size 95 and 33 bits. In addition, the cipher uses a 128-bit secret key and a 96-bit IV. The first 32 bits of the key and the IV form a non-volatile internal state that does not change while the cipher produces keystream bits. The authors claim that the cipher is provably secure against Time Memory Data (TMD) Tradeoff attacks. However, in this paper, we first present two TMD tradeoff attacks against Draco. Both attacks leverage the fact that for certain judiciously chosen IVs, the state update function of the cipher depends on only a small fraction of the non-volatile internal state. This makes the state update function in Draco essentially a one-way function over a much smaller domain and range. The first attack requires around $2^{114.2}$ Draco iterations and requires that the adversary has access to $2^{32}$ chosen IVs. The parameters of the second attack can be tuned to the attacker's requirements. If the attacker prioritizes limiting the number of different chosen IVs to, say, $2^{20}$, then the attack can be done in time proportional to around $2^{126}$ Draco rounds. However, if the total attack complexity is to be optimized, then the attack can be performed in $2^{107}$ time using around $2^{40}$ chosen IVs.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
Draco Cryptanalysis Stream Cipher
Contact author(s)
subhadeep banik @ protonmail com
History
2022-06-14: approved
2022-06-11: received
Short URL
https://ia.cr/2022/749
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/749,
      author = {Subhadeep Banik},
      title = {Cryptanalysis of Draco},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/749},
      year = {2022},
      url = {https://eprint.iacr.org/2022/749}
}